web| Backstage | upload
Recently got two BBS system, found backstage pass/change Webshell when all did a certain limit of precaution, make many novice do not know how to pass Webshell control host. In fact, the problem is very simple ... It'll take a few minutes to fix it.
1.BBSXP
Yesterday, my friend went into a bbsxp forum, this forum before a lot of problems, the producer (as if the Yuzi studio) is very not aware of security precautions, and the basic knowledge of scripting security, resulting in a lot of loopholes, and now is not very popular. But the new version of the new, also want to see ...
The background of a general view of the discovery can and Dvbbs the same background through the backup database to get Webshell, but the problem is if the backup into the ASP, the background has a validation, the hint can not be backed up. ASP files. In fact, this thing is a worthy precaution strategy, because we also know that there are CDXCERASAHTR format can also execute ASP script. And Bbsxp didn't think .... So, we change the backup to. Asa and so on can be passed ... Bbsxp is still so food ...
2.LeadBBS.
Leadbbs is a strong forum in general, but Lin has recently found a cookie spoofing vulnerability. Oh. So in many people use, all found no way to pass Webshell. This includes sniper. haha/
In fact, we can edit the background of an ASP file, and this file is to detect the server and <% these two characters. It looks like a good precaution, but it's still a problem.
We can use the include to write an ASP Trojan.
First from the forum upload a jpg suffix of the ASP Trojan Horse, this Trojan is best to directly use the FSO or ADODB.stream in the current directory to generate a newmm.asp such code. Because include cannot receive data.
and write it in the background edit file.
Then access this file, the last access to the generated ASP Trojan address on it ....