Dvbbs7.1 in upfile. added the upload check in asp. so I used to like the sad method. When I passed the jpg database backdoor, there was a problem. Solution: I used dvbbstoshell.gif, but after downloading it, we changed the opening method to WinRAR. The specific process is as follows: 1.dvbbstoshell.gif (or other backdoor with similar functions)
Dvbbs7.1 in upfile. added the upload check in asp. so I used to like the sad method. When I passed the jpg database backdoor, there was a problem. Solution: I used dvbbstoshell.gif, but after downloading it, we changed the opening method to WinRAR. The specific process is as follows: 1.dvbbstoshell.gif (or other backdoor with similar functions)
Dvbbs7.1 added the upload check in upfile. asp, so I used to like the sad method in the jpg database.
BackdoorIt's time to go out.
Problem
Solution:
The trojan is also dvbbstoshell.gif, but after downloading it, we change the Open Method to WinRAR.
Specific process:
1.dvbbstoshell.gif (or other
Backdoor)
2. Change the open mode to WinRAR in file properties.
3.upload the dvbbstoshell.gif file and select the location where the post is published. Because this part does not check the gif signature.
(Do not select the place where the Avatar is uploaded .)
4. Record the uploaded address
BackgroundRestore
Backdoor.
5. Execute
Backdoor, Write new
Backdoor. Test the function.
Prerequisites:
You get Forum dvbbs7.1
Background.
You only need to change the open mode to asp. asa. aspx. cer. cer. cdx. htr (as mentioned in WinRAR ).
The following are the patches that have been installed in the upfile. asp file.
CODE:
'Determine whether the file type is qualified
Private Function CheckFileExt (FileExt)
Dim ForumUpload, I
ForumUpload = "gif, jpg, bmp, jpeg, png"
ForumUpload = Split (ForumUpload ,",")
CheckFileExt = False
For I = 0 to UBound (ForumUpload)
? If LCase (FileExt) = Lcase (Trim (ForumUpload (I) Then
??? CheckFileExt = True
??? Exit Function
? End If
Next
End Function
'Format suffix
Function FixName (UpFileExt)
If IsEmpty (UpFileExt) Then Exit Function
FixName = Lcase (UpFileExt)
FixName = Replace (FixName, Chr (0 ),"")
FixName = Replace (FixName ,".","")
FixName = Replace (FixName, "asp ","")
FixName = Replace (FixName, "asa ","")
FixName = Replace (FixName, "aspx ","")
FixName = Replace (FixName, "cer ","")
FixName = Replace (FixName, "cdx ","")
FixName = Replace (FixName, "htr ","")
End Function
'File Content-Type judgment
Private Function CheckFileType (FileType)
CheckFileType = False
If Left (Cstr (Lcase (Trim (FileType), 6) = "p_w_picpath/" Then CheckFileType = True
End Function
SupplementLower
In fact, this method is one step more than the method of "like sorrow": Change the Open Method to WinRAR in the file attribute
Today, when I got a service site for an Internet cafe in Kunming, many of them met
ProblemI tried to find this defect when I went back to the dormitory. I felt that the method was the same as that of "dvbbs7.1 ".
Background"Webshell" is much easier to use than the methods mentioned by many people later. Let's share them with you. What are the better methods or the errors in the methods I mentioned? Please send them out.