A New Recruit's Experience Obtaining a WebShell (2)
Add date: 07/09/2008   Publishing date: 07/09/2008
 

Second, use the picture upload function. We change the ASP trojan's suffix to a picture suffix such as GIF, JPG or BMP and upload it. After a successful upload the site reports that the file was uploaded and gives its location, for example 'UploadFiles/20080501012.gif'. Some sites do not report the location; in that case we must use WSockExpert to capture the packets of the upload process and read the upload path from them. Then, through the database backup function, we back the GIF (or other picture) file up as an ASP file and visit it; at this point we can usually see our WebShell. Some websites now check for this: if the file being backed up is not recognized as a database, the backup function reports "illegal database". What should we do then? Since it checks for database characteristics, can we not simply add database characteristics to the picture? Right, that is exactly how it works. We can append the database characteristics to the picture with the DOS COPY command, as follows: "COPY trojan-picture.gif+database-file.mdb combined-file.gif". The combined picture then has the database characteristics.
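A server-side check for the two upload tricks this paragraph describes (a script renamed to a picture suffix, and a picture concatenated with an .mdb file), added here as a defensive example that is not part of the original article. `inspect_upload`, the finding strings and the sample bytes are constructed for illustration, and the script-marker pattern is a heuristic.

```python
import re

# Leading magic bytes for the picture types the article names (GIF, JPG, BMP).
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".bmp": (b"BM",),
}
# Heuristic: a printable ASP block "<% ... %>" or a server-side <script> tag.
# Requiring printable text between the delimiters keeps random hits in
# compressed image data rare.
SCRIPT_MARKER = re.compile(
    rb"<%[\t\r\n\x20-\x7e]{4,}?%>|<script[^>]*runat\s*=\s*[\"']?server", re.I
)
# Text found at offset 4 of an Access (Jet) .mdb file header.
JET_SIGNATURE = b"Standard Jet DB"

# Constructed sample inputs (not taken from any real site).
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
SCRIPT = b'<% Response.Write("placeholder") %>'   # benign stand-in script
MDB_HEADER = b"\x00\x01\x00\x00Standard Jet DB\x00"


def inspect_upload(filename: str, data: bytes) -> list[str]:
    """Return reasons to reject an upload; an empty list means no finding."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = IMAGE_MAGIC.get(ext)
    if magic is None:
        return ["extension not on the picture allow-list"]
    findings = []
    if not data.startswith(magic):
        findings.append("content does not start with the picture magic bytes")
    if SCRIPT_MARKER.search(data):
        findings.append("server-side script marker inside picture data")
    if JET_SIGNATURE in data:
        findings.append("Access database header embedded in picture")
    return findings


if __name__ == "__main__":
    for name, blob in [("photo.gif", CLEAN_GIF),
                       ("20080501012.gif", SCRIPT),
                       ("combined.gif", CLEAN_GIF + SCRIPT + MDB_HEADER)]:
        print(name, inspect_upload(name, blob))
```

Content inspection is only one layer: the backup function should also refuse to write files with a script suffix, and the upload directory should not be allowed to execute scripts.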

But on some websites we cannot find a database backup function in the backend, and none of the above methods can be used. What should we do then? Do not be anxious; there is always a solution. Find a page that has an upload function, upload anything at all, and capture the packets of the upload process with WSockExpert. Generally, after we click upload, the packets captured in WSockExpert show the ASP page that handles the upload and the corresponding cookies. Of course, we must first log in to the backend and perform the upload with the manager's account, so that the cookies obtained are the manager's; these are used later. We then use the "bright boy" tool's upload function: for the upload page, choose the page obtained from the packet capture, fill in the cookies obtained, choose the trojan to upload (it must evade antivirus, otherwise it is deleted as soon as it reaches the server), and click upload. When the program reports success, we can visit our WebShell. If it fails, try the other upload types.

Sometimes we really cannot obtain a WebShell on a particular website. In that case we can use the "side-note" method: obtain a WebShell on another website hosted on the same server, then escalate privileges to take over the whole server, and then carry out the intrusion into our target website.

The above is the analysis of obtaining a webshell against the ACCESS database; below, I analyze the MSSQL database. In the past I, too, studied ACCESS database Xie Po first, and when I studied the MSSQL database I discovered there was much I did not understand, so I took many tortuous paths. I now summarize the methods of obtaining a webshell with the MSSQL database, in the hope of helping friends who have only just come into contact with webshells.

 
