Info

File upload facilities within web applications can sometimes be flawed, when they are, you need reliable files that can provide useful functions. There is a great collection of web application backdoors located at: http://michaeldaw.org/projects/web-backdoor-compilation/. I have written four new ones that provide full file system navigation, file download, file upload, command execution and SQL statement execution.

The first is filesystembrowser.aspx, which allows easy file system navigation and file downloads. The second is fileupload.aspx, which allows the uploading of files, to the directory where the backdoor file is located. The third file is cmdexec.aspx, which allows for simple command execution. The fourth one is sql.aspx, which allows for SQL statement execution against MS SQL Servers.

Screenshot