I'm trespassing. Step High website
2004-10-09 13:05
Actually, it's not a new loophole. I have already invaded the website of the step high just recently study more nervous has not released
Everybody go to http://www.cnbbk.com/hacked.htm and see Maybe the page is still
The main idea is to use the injection method to get Admin account number and password then landed on the Management page upload ASP Trojan and then get Webshell
Now I teach you the methods of large-scale invasion of such systems hope that we do not destroy ! or I have nothing to do with it!!! £
Preparation: Conditions calm mind don't do immoral is the thing
Ok began to us on Google search productshow.asp?id=331331 is what number can be seen a lot of site Basic can invade are online mall whole station program system
And then inject the account number and password after Landing we use injection tool will sweep to the landing address is Login.asp this is False true is admin/login.asp This is OK to enter after the point upload file upload your ASP Trojan Horse
upload file name is your Trojan file name in file/under this simple.
---------------------------Pay: The system uploaded ASP file Everyone see if there is no way to upload can be uploaded ——---------------
<body bgcolor= "#9CC7EF" text= "#000000" leftmargin= "0" topmargin= "3" >
<br>
<br>
<br>
<br>
<br>
<form method= "POST" action= "savefile.asp" Name= "Form1" enctype= "Multipart/form-data" >
<table width= "80%" border= "1" bordercolordark= #9CC7EF bordercolorlight= #145AA0 cellspacing= "0" cellpadding= "4" align= "Center" >
<tr>
<TD height= "bgcolor=" "#74B0ED" >
<div align= "center" ><font color= "#FFFFFF" > Upload file </font></div>
</td>
</tr>
<tr>
<td>
<div align= "center" >
<input type= "File" Name= "File1" size= ">"
<input type= "Submit" name= "submit" value= "Upload" >
</div>
</td>
</tr>
<tr>
<TD height= "bgcolor=" "#74B0ED" >
<div align= "center" > </div>
</td>
</tr>
</table>
</form>
<table width= "80%" border= "1" bordercolordark= #9CC7EF bordercolorlight= #145AA0 cellspacing= "0" cellpadding= "4" align= "Center" >
<tr>
<TD height= "bgcolor=" "#74B0ED" >
<div align= "center" ><font color= "#FFFFFF" > Use instructions </font></div>
</td>
</tr>
<tr>
<td> 1, this page is to facilitate you to upload some files (such as the link in the news release of the picture);<br>
2, the file uploaded by this page will be saved in the/file/directory, and files with the same name will be unconditionally overwritten, so use some meaningful file names to avoid files being overwritten with files of the same name, such as two files (Pictures), uploaded on November 20, 2001, which is used in the news, the news name is " Jiang Zemin to our company cordial visit ", the picture named Img_news_20011020_jiangzemin_1.jpg and Img_news_20011020_jiangzemin_2.jpg, and then upload;<br>
3, if there are other upload operations, please use the FTP provided by the service provider. </td>
</tr>
<tr>
<TD height= "bgcolor=" "#74B0ED" >
<div align= "center" > </div>
</td>
</tr>
</table>
</body>
------------------checkuser.asp----------------
<%
If not session ("UserClass") >=1 then%>
<script language=javascript>
<!--
Alert ("Your permissions are invalid, please login again!")
Window.history.go (-1);
-->
</script>
<%
Response. End
End If
%>
-----------savefile.asp---------
<!--#INCLUDE file= ". /include/upload.asp "-->
<!--#include file= "checkuser.asp"-->
<%
Set Upload=new Upload_5xsoft
Formpath=formpath
Set File=upload.file ("File1")
Formpath= ". /file/"
If file. Filesize>0 Then ' If FileSize > 0 indicates that there are file data
Filename=file. FileName
File. SaveAs Server.MapPath (formpath&filename) ' save file
End If
Private Sub Class_Initialize
Dim istart,ifilenamestart,ifilenameend,iend,vbenter,iformstart,iformend,thefile
Dim strdiv,mformname,mformvalue,mfilename,mfilesize,mfilepath,idivlen,mstr
Version= ""
If Request.totalbytes<1 then Exit Sub
Set Form=createobject ("Scripting.Dictionary")
Set File=createobject ("Scripting.Dictionary")
Set Upfile_5xsoft_stream=createobject ("ADODB.stream")
Upfile_5xsoft_stream.mode=3
Upfile_5xsoft_stream.type=1
Upfile_5xsoft_stream.open
Upfile_5xsoft_stream.write Request.BinaryRead (request.totalbytes)
if Iend>istart Then
mformvalue=substring (istart+4,iend-istart-4)
else
mformvalue= ""
end if
form. ADD Mformname,mformvalue
End If
Iformstart=iformend+idivlen
Iformend=instring (Iformstart,strdiv)-1
Wend
End Sub
Private Function subString (Thestart,thelen)
Dim i,c,stemp
Upfile_5xsoft_stream.position=thestart-1
Stemp= ""
For I=1 to TheLen
if Upfile_5xsoft_stream.eos then Exit for
C=ASCB (Upfile_5xsoft_stream.read (1))
if C > 127 Then
if Upfile_5xsoft_stream.eos then Exit for
STEMP=STEMP&CHR (AscW (ChrB (AscB (Upfile_5xsoft_stream.read (1)) &CHRB (c)))
i=i+1
else
STEMP=STEMP&CHR (c)
end If
Next
Substring=stemp
End Function
Private Function instring (THESTART,VARSTR)
Dim i,j,bt,thelen,str
Instring=0
Str=tobyte (VARSTR)
Thelen=lenb (STR)
For I=thestart to Upfile_5xsoft_stream.size-thelen
if I>upfile_5xsoft_stream.size Then Exit Function
upfile_5xsoft_stream.position=i-1
if AscB (Upfile_5xsoft_stream.read (1)) =ASCB (MidB (str,1)) Then
instring=i
for j=2 to TheLen
if Upfile_5xsoft_stream.eos Then
instring=0
exit for
end if
if AscB (Upfile_5xsoft_stream.read (1)) <>ASCB (MidB (str,j,1)) Then
instring=0
exit for
end if
next
if Instring<>0 then Exit Function
end if
Next
End Function
Private Sub Class_terminate
Form. RemoveAll
File. RemoveAll
Set form=nothing
Set file=nothing
Upfile_5xsoft_stream.close
Set upfile_5xsoft_stream=nothing
End Sub
Private function GetFilePath (fullpath)
If fullpath <> "" Then
getfilepath = Left (Fullpath,instrrev (FullPath, "\"))
Else
getfilepath = ""
End If
Endfunction
Private function GetFileName (fullpath)
If fullpath <> "" Then
getfilename = Mid (Fullpath,instrrev (FullPath, "\") +1)
Else
getfilename = ""
End If
Endfunction
Private function ToByte (STR)
dim I,icode,c,ilow,ihigh
tobyte= ""
for I=1 to Len (STR)
c=mid (str,i,1)
icode =ASC (c)
if icode<0 Then icode = Icode + 65535
if icode>255 Then
ilow = Left (Hex (ASC (c)), 2)
ihigh =right (Hex (ASC (c)), 2)
tobyte = ToByte & ChrB ("&h" &ilow) & ChrB ("&h" &ihigh)
else
tobyte = ToByte & ChrB (AscB (c))
end If
next
End Function
End Class
Class FileInfo
Dim Formname,filename,filepath,filesize,filestart
Private Sub Class_Initialize
filename = ""
filepath = ""
filesize = 0
filestart= 0
formname = ""
End Sub
Public Function SaveAs (fullpath)
dim Dr,errorchar,i
saveas=1
if trim (FullPath) = "" or filesize=0 or filestart=0 or filename= "" Then Exit function
if filestart=0 or Right (fullpath,1) = "/" Then Exit function
set dr=createobject ("ADODB.stream")
dr. Mode=3
dr. Type=1
dr. Open
upfile_5xsoft_stream.position=filestart-1
upfile_5xsoft_stream.copyto dr,filesize
dr. SaveToFile fullpath,2
dr. Close
set dr=nothing
saveas=0
End Function
End Class
</SCRIPT>
--------------above is the upload file for the system let's go see if there's another loophole------
------------by Creek from cutting-edge alliances
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.