One code:
Current file name: <-! # ECHO var = "DOCUMENT_NAME" ->
Name and version of the web server:
VAR = "server_software" ->
Host Name:
Port:
Customer or customer agent IP address:
Customer or customer agent host name:
PATH_INFO
Value, but with an extension of virtual paths for a directory specification:
VAR = "path_translated" ->
The client gives the additional path information:
Said to be saved as STM or SHTML, running as follows:
HTTP_ACCEPT: Image / GIF, Image / X-Xbitmap, Image / JPEG, Image / Pjpeg, Application / X-Shockwave-Flash, Application / VND.MS-PowerPoint, Application / VND.MS-Excel, Application / Msword, * / * HTTP_ACCEPT_LANGUAGE: zh-cn HTTP_CONNECTION: Keep-Alive HTTP_HOST: localhost HTTP_USER_AGENT: Mozilla / 4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 1.1.4322) HTTP_COOKIE: nbblastactivity = 1100263629; bblastvisit = 1100264583; bblastactivity = 1100265530; BBUSERID = 1; bbpassword = 0f8514d1ed2eaa91fb9a87a568f6c96f; aspsessionidaqtsdrqq = jogdcebdcnkfmlgdnfhpdhmj http_accept_encoding: gzip, deflate
Current file name: f: /web/1.stm
Web server name and version: Microsoft-IIS / 5.0
Host name: Localhost
Port: 80
Customer or customer agent IP address: 127.0.0.1
Customer or customer agent host name: 127.0.0.1
Path_info's value, but with a virtual path with an extended directory specification: f: /web/1.stm
The client gives the additional path information: /1.stm
Image / gif, image / x-xbitmap, image / jpeg, image / pjpeg, application / x-shockwave-flash, application / vnd.ms-power, application / vnd.ms-excel, application / msword, * / * Not solve!
I saw a paragraph in the phantom brigade today.
When the site is not allowed to upload
Asp CER CDX HTR and other files, upload a STM file, the content is:
Directly request this STM file, Conn.asp is not legacy, the database path is also in hand!
And after reading the introduction of the SHTML, suddenly realized, finally understood!
It turned out to be as mentioned above.
It is an SSI directive to copy "info.htm" to the current page. When the visitor is browsing, it will see the contents of INFO.htm like the other HTML document.
I am successful in the local test! Used a Test.STM file in my IIS directory, the content is:
I put a piece of Trojan file in the same directory ok.asp.
Request Test.stm in the browser, there is nothing to reflect, a blank.
But one look at the source code, fainted, it is the content of my ASP file!
This way we can use this to get the consolidation of the Web's conn file to get the database path.
But a premise is that the server is not deleted with the extension of STM or SHTML!
