Alternative website configuration plug-in

When penetrating a website, I met a set of website programs commonly used by many enterprise websites, and I don't know who changed the copyright. I have seen such a website program before, and it is basically no difficulty to use SHELL. Why? Because there is a database backup, Just You Konw! But this is different.

Website COOKIE injection enters the background, and adds the uploaded file suffix asa, cer, cdx, and ashx to the website configuration.

Then a familiar prompt is displayed:

Top-notch interception of XX is very tricky. Okay, I copy 1.jpg+ 2.asa and then upload. The following error occurs when the upload is successful and access is performed:

The Error 404 is correct. The file does not exist. It is estimated that the file is first-class and harmonious. After being uploaded, ashx can be uploaded successfully, but asp files are not generated in the same directory, it's probably a good thing to do. Okay, let's back up the database. I changed the copy pony to jpg and uploaded it successfully. I accessed it. The upload is successful. Back up the database. The backup is successful, and the access is also 404. The file does not exist.

Later I found out that the suffix of the backup file was also filtered out. Shenma asa, cer, cdx, and php are all filtered out.

Then, the editor is the same. uploaded files are all Error 404. Finally, I only inserted the configuration file. I thought about it, if I inserted a sentence of Code directly. It is very likely that the website configuration file will also be deleted. Then, the website will crash. If we modify a sentence, can we go around. I did not try. I did not try if I was unsure. I am very depressed here, so I cannot get the shell and feel quite tragic. Then I discussed it with code048, and finally discussed it. If we use a configuration file to contain images, it cannot be filtered out. The website program code contains many common ones. No dangerous code, hey.
I made a local test and succeeded. Then let's go into practice. The risk is also quite high. In case of an error, the website will crash. Insert in the website configuration file:

Contains the uploaded pony image. Note the path here. The contained file cannot start with "/", and the parent directory that contains the file path and website configuration file path has a directory, so you do not need to enter the previous directory. For example, if the website configuration file needs to be included in ../news/inc/config. asp file in ../news/uploadfiles/xxx.jpg, then insert the configuration file to include the file. <! -- # Include file = "../uploadfiles/xxx.jpg" -->. I wrote it for the first time. <! --
# Include file = "../news/uploadfiles/xxx.jpg" --> The result shows that the file cannot be found. Path error.
After the inclusion is successful, the website will only display one image, so you need to change the configuration file back quickly. To avoid being detected by administrators. After successful inclusion:

Finally, use a kitchen knife to connect to the website configuration file. Win.

You can use an image-containing method on the Internet to hide backdoors. If you encounter IIS7 or insert a configuration file to be deleted, you can try to include a configuration file. This is an extension of thinking.

From a hidden group Forum