A word trojan Intrusion Easynews News Management System _ Trojan related
Source: Internet
Author: User
Example one: "A word trojan" intrusion "easynews News management System"
"Easynews News Management System v1.01 official version" is a very common in the corporate Web site template, in the system of the message this component in the data filtering is not strict vulnerability, if the site is the default path and the default filename installation, Intruders can use this vulnerability to upload an ASP Trojan to program the entire Web server.
STEP1 Search Intrusion Target
Using the "Easynews News Management System v1.01 official version" of the site, the site page at the bottom of the copyright notice, there will often be key characters for "WWW.52EASY.COM copyright." As long as Google or Baidu in the string as a keyword search, you can find a large number of intrusion targets.
STEP2 Detection of intrusion conditions
Here, we use the website "http://www.qswtj.com/news/index.htm" as an example to conduct an intrusion detection. "Easynews News Management System" website message this database file is located in "\ebook\db\ebook.asp" by default, first in the browser address bar, enter "http://www.qswtj.com/news/ebook/db/ Ebook.asp, the return information of the access message database file will be displayed in the browser page after the carriage return. If the page is garbled, then the message of the website is not renamed and can be invaded.
STEP3 inserts an ASP back door in the database
I mentioned the message of the news system. This plugin is not strictly filtered, so we can insert the "one word trojan" server code by submitting the statement in the database:
Access "http://www.qswtj.com/news/khly.htm" in the browser and open the submit Message page. In the submission page in the "Home" column, directly fill in the "one word trojan" service side code, other casually fill. After the confirmation click on the "Post message" button, the article published successfully, you can "a word trojan" server code into the message this database.
STEP4 connection back door upload Webshell
Because the message this database file "Ebook.asp" is an ASP file, so we insert into the database file in the ASP statement will be executed. Change the submission address in the "one word trojan" client to the message this database file address, then use the browser to open the client, in the upper input box input upload ASP Trojan save path, in the following input box can be pasted into other ASP Trojan code, here is the choice of Guilin Veterans website Management Assistant ASP code. Click the Submit button, just pasted the ASP Trojan will be written to the forum server to save.
STEP5 Open Webshell
Uploaded ASP Trojan is saved to the same Web directory as the database file, the file name is "temp.asp", so we open the page in IE browser "http://www.qswtj.com/news/ebook/db/temp.asp", enter the default password "Gxgl.com", you can see a webshell.
In the Webshell can upload other files or install Trojans backdoor, execute a variety of commands, the website of the server has been in our hands, can do whatever it wants.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.