Vulnerability Analysis of an "Idiot" Navigation Site Program

Source: Internet
Author: User

You can discuss this article with the author here: http://bbs.2cto.com/read.php?tid=98293

Author: Transparent (http://hi.baidu.com/tongming133). Original work of the Red Black Union (www.2cto.com); please credit the source when reproducing.

A friend of mine gave me a website and asked me to check whether a shell could be obtained on it. Let's first look at the traffic on this site!

Haha, it's good to be wandering. It is now 1:18 in the evening and there are dozens of IP addresses. Haha, first I will give out this program.

http://bbs.15wz.com/viewthread.php?tid=3&extra=page%3D1 This is the official forum of the program's website. Register a user name on this page and reply to get the address.

No more nonsense. The main text begins now!

Let's take a look at a classic and idiotic vulnerability!

The 'or'='or' login vulnerability!

Let's look at the code of the back-end login page:

Dim username, password
Admin_UserName = Request.Form("Admin_UserName") ' The client input is taken directly, with no filtering at all, not even of spaces
Admin_UserPass = Request.Form("Admin_UserPass")
Admin_UserPass = md5(Admin_UserPass)
Set rs = Server.CreateObject("ADODB.Recordset")
' Both form values are concatenated straight into the SQL string
SQL = "select * from admin where Admin_UserName='" & Admin_UserName & "' and Admin_UserPass='" & Admin_UserPass & "'"
rs.Open SQL, conn, 1, 3

The code is a classic!

Haha.

Some programs at least filter spaces at this point, but this program does not even do that.

Nothing more to say: log in directly with 'or'='or'.

In fact, with this one vulnerability you can basically compromise any number of sites running this program. Navigation-site webmasters have very poor security awareness, and some have not even changed their default user names!

In fact, the login file includes conn.asp, the database connection file, which contains code that filters the characters used by this vulnerability, but the programmer never called it at login. Below is the code:

Function checkStr(str)
    If IsNull(str) Then
        checkStr = ""
        Exit Function
    End If
    checkStr = Replace(str, "'", "") ' use the Replace function to filter out the single quote
End Function

In addition, I looked over the conn.asp file closely. It is the same as the one in a program I used to write, so it was probably not written by this programmer but found on the Internet!
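The login lookup shown earlier, rewritten with a parameterized ADODB.Command so that form input never becomes part of the SQL text. This is an added example, not code from the program or from the original article; it assumes `conn` is the open connection from conn.asp and `md5` is the helper the login page already calls, and `CheckAdminLogin`, `MAX_NAME_LEN` and the `Session("admin")` key are hypothetical names.

```vbscript
' Added example: hardened form of the login lookup (not the program's own code).
' Assumes conn is the open ADODB.Connection from conn.asp and md5() is the
' helper the original login page already calls.
Const adCmdText = 1        ' ADO CommandTypeEnum
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const MAX_NAME_LEN = 50    ' assumed column width, adjust to the real schema

' Returns True only when the supplied name/hash pair exists in the admin table.
Function CheckAdminLogin(conn, userName, passHash)
    Dim cmd, rs
    CheckAdminLogin = False

    ' Reject missing or oversized input before it reaches the database.
    If IsNull(userName) Or IsNull(passHash) Then Exit Function
    If Len(userName) = 0 Or Len(userName) > MAX_NAME_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders are bound as data, so quotes in the input stay literal.
    cmd.CommandText = "select Admin_UserName from admin " & _
                      "where Admin_UserName = ? and Admin_UserPass = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, MAX_NAME_LEN, userName)
    cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, 32, passHash)

    Set rs = cmd.Execute
    If Not rs.EOF Then CheckAdminLogin = True
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim Admin_UserName, Admin_UserPass
Admin_UserName = Trim(Request.Form("Admin_UserName"))
Admin_UserPass = md5(Request.Form("Admin_UserPass"))
If CheckAdminLogin(conn, Admin_UserName, Admin_UserPass) Then
    Session("admin") = Admin_UserName   ' hypothetical session key
Else
    Response.Write "Login failed"
End If
```

Binding parameters removes the dependence on a filter such as checkStr being called on every input path, which is exactly the step the login page skipped.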

In addition, the back end of this program is relatively powerful, and it also has a template editing function. To plant a Trojan there is no need to get a shell; the template can be modified directly.

Later, I went to the official site and vented my anger. Let's take a look at what he said.

After searching the Internet for a long time, I did not see many sites using the commercial version. I asked him later, and he said that the official website runs the commercial version. I checked it afterwards and found that the commercial version's so-called vulnerability fix is just to change the back-end address; nothing else was touched. Is this called fixing the vulnerability? This is his official website: http://www.15wz.com/

Well, this program vulnerability analysis is over. Don't do anything bad. I looked in his group and there are a lot of webmasters using this program! Alas, how sad!

You may also want to ask me why I keep posting navigation-site vulnerabilities and never change the subject. What I want to say is that such programs are simple in structure and code, so they are very suitable for learning to read programs and getting started with programming; that is why I have posted several of them. This kind of program is also suitable for building a site: you just need to fix the vulnerabilities I have posted, and the program can be used. This type of program will not have injection vulnerabilities in the front end, because the foreground is all static; only the back end exposes some vulnerabilities! Therefore, although the program has few functions, it is relatively safe!
