Dangerous files in the CMS program

For someone else's program, it's a good idea to read the procedure before you use it, after all, the program is written by someone else, write a description of course, to the user to explain some relevant information, in addition, if you understand the program, it is best to change the background ah, database call files Ah, of course, if you have the ability to find loopholes, You're going to fill these holes for the authorities.

With the rise of the Internet, more and more people want to have their own site, but many people do not know how to do the site or do not have time to do, so the use of other people's source code has become a popular way. Because of this, it has created such a restless network world, because the program loophole is everywhere.

Many friends talk about the forum is the first to think of the network, because it is indeed the best of the Domestic ASP forum procedures, so many of the Web site are used to set up their own forum. Also because of the widespread use of the network, so read it code research loopholes are more and more, of course, the loophole is again and again was found, the webmaster is again and again for the network and worry, and trouble.

Okay, pull it off, we'll start from the installation file of the moving network, let everybody know how your website is attacked by people.

A Discussion on key.asp files from moving network

The Manual of the key.asp file of the net is written as follows:

1. Please upload the key.asp file in the compressed package to Dvbbs7.1 forum directory.

2, after running key.asp Select the options you need.

3. Note: After use, please click "Delete file" or delete key.asp file in FTP in case the back door is left.

Write enough to understand, after use to delete, but there are many webmasters are not responsible for, put the dangerous back door on the website until one day, a guy broke in and changed its homepage ... today, there are still some sites have such loopholes, do not believe that I give you a picture:

Figure 1 The site's vulnerability screenshot

Look at the picture and you know what key.asp is, it can modify or add an administrator to a Web site's admin data. Added an administrator after we can like the normal administrator to edit other people's posts, new additions to some sections of what, these are not serious, more serious is that the front of our posts can upload pictures, and then we can back up the database. Just imagine, if we save an ASP Trojan to upload the image format to the Web server, and then back in the background by backing up the database function to the image as an ASP file, then we get a webshell. The idea is very clear, because I speak here is the harm of the key.asp file, do not operate, the later chapters will have the detailed narration.

Two Cloud download System vulnerability caused by dynamic network key.asp

Of course, the Internet is not only the public only like the Dynamic Network forum procedures, there are many other excellent article system, download system, message this system, blog programs, and even the whole station system to provide downloads, I recently studied the cloud download system of the vulnerability of the time did not find its installation instructions to use Zz.asp installation, installation of the time is to set the webmaster's account and password, when the webmaster forgot their password can be modified by it, as key.asp the same function, but accidentally I found:

Figure 2 zz.asp File

Reset a new account and password, then this site is yours, backstage you enter. Backstage we can use to get Webshell method, the most popular on the internet is to use upload loopholes to get webshell, in fact, the author through a few days of research and testing, got the other two ways to get Webshell, the idea is very flexible. In short, do not easily leave the back door to others.

Three Learn from Bbsxp

When installing the Bbsxp forum, Will call install.asp to install, installed after we upload the program to the site, if there is a guy who still want to use the above method to attack you, then he knew he was wrong, write Bbsxp programmer appears to be from the Key.asp event in the network to learn from the ha-ah. He first detects in the code the debugger writes IP and later debugging IP, if not the same IP he will be the error, the main code is as follows:

youip= "192.168.1.123" ' Your local IP address

If adminpassword<> "" and Remoteaddr<>youip Then

Error ("<li> for security reasons, please edit the IP address of the native in <font color=red>install.asp</font> <li> please set it to <font color= Red> "&remoteaddr&" </font>)

End If

When we visit this page of a bbsxp forum, a striking red fork appears:

Figure 3 bbsxp detection of IP capabilities