asp-webshell: ASP/ASP.NET Webshell - Detect

日期: 2025-08-01 | 影响软件: asp-webshell | POC: 已公开

漏洞描述

PoC代码[已公开]

id: asp-webshell

info:
  name: ASP/ASP.NET Webshell - Detect
  author: lu4nx
  severity: high
  reference:
    - https://github.com/tennc/webshell/tree/master/aspx
    - https://github.com/tennc/webshell/tree/master/asp
    - https://www.rapid7.com/blog/post/2016/12/14/webshells-101/
  metadata:
    verified: true
  tags: asp,aspx,file,webshell
file:
  - extensions:
      - asp
      - asa
      - aspx
      - ashx
      - asmx
      - asax

    extractors:
      - type: regex
        regex:
          - '(?i)(eval)'
          - '(?i)(eval|execute)\('
          - '(?i)wscript.shell'
          - '(?i)ExecuteStatement'
          - '(?i)cmd.exe'
          - '(?i)mmshell'
          - '(?i)GetCmd'
# digest: 4b0a00483046022100c2546fdb688243d1cf7b3f15599e3490494a736dcf365fbed785660e197ad399022100dcb829f608adfb1e699588a6984a293fa4c2acb596ca0b90b92bda2fa6150ac8:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/file/webshell/asp-webshell.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐