A word trojan Intrusion Easynews News Management System _ Trojan related

Example one: "A word trojan" intrusion "easynews News management System"
"Easynews News Management System v1.01 official version" is a very common in the corporate Web site template, in the system of the message this component in the data filtering is not strict vulnerability, if the site is the default path and the default filename installation, Intruders can use this vulnerability to upload an ASP Trojan to program the entire Web server.

STEP1 Search Intrusion Target

Using the "Easynews News Management System v1.01 official version" of the site, the site page at the bottom of the copyright notice, there will often be key characters for "WWW.52EASY.COM copyright." As long as Google or Baidu in the string as a keyword search, you can find a large number of intrusion targets.

STEP2 Detection of intrusion conditions

Here, we use the website "http://www.qswtj.com/news/index.htm" as an example to conduct an intrusion detection. "Easynews News Management System" website message this database file is located in "\ebook\db\ebook.asp" by default, first in the browser address bar, enter "http://www.qswtj.com/news/ebook/db/ Ebook.asp, the return information of the access message database file will be displayed in the browser page after the carriage return. If the page is garbled, then the message of the website is not renamed and can be invaded.

STEP3 inserts an ASP back door in the database

I mentioned the message of the news system. This plugin is not strictly filtered, so we can insert the "one word trojan" server code by submitting the statement in the database:

Access "http://www.qswtj.com/news/khly.htm" in the browser and open the submit Message page. In the submission page in the "Home" column, directly fill in the "one word trojan" service side code, other casually fill. After the confirmation click on the "Post message" button, the article published successfully, you can "a word trojan" server code into the message this database.

STEP4 connection back door upload Webshell

Because the message this database file "Ebook.asp" is an ASP file, so we insert into the database file in the ASP statement will be executed. Change the submission address in the "one word trojan" client to the message this database file address, then use the browser to open the client, in the upper input box input upload ASP Trojan save path, in the following input box can be pasted into other ASP Trojan code, here is the choice of Guilin Veterans website Management Assistant ASP code. Click the Submit button, just pasted the ASP Trojan will be written to the forum server to save.

STEP5 Open Webshell

Uploaded ASP Trojan is saved to the same Web directory as the database file, the file name is "temp.asp", so we open the page in IE browser "http://www.qswtj.com/news/ebook/db/temp.asp", enter the default password "Gxgl.com", you can see a webshell.

In the Webshell can upload other files or install Trojans backdoor, execute a variety of commands, the website of the server has been in our hands, can do whatever it wants.