With the rise of the Internet, more and more people want to own a website, but many of them do not know how to build one or have no time to do it, so borrowing other people's source code has become a popular method. Because of this, the online world has become anything but peaceful: program vulnerabilities are everywhere.
When talking about forums, many of my friends first think of Dvbbs (the "dynamic network" forum). Because it really is the best ASP forum program in China, many websites use Dvbbs to set up their own forums. Because Dvbbs is so widely used, more and more people read its code to look for vulnerabilities. Of course, vulnerabilities are discovered one after another, and the administrators of many websites worry about Dvbbs over and over again.
Now let's talk about how your website can be attacked through the installation files left on the server, starting with Dvbbs.
1. Starting from the Dvbbs key.asp file
The instructions that ship with the Dvbbs key.asp file read as follows:
1. Upload the key.asp file from the compressed package to the Dvbbs7.1 forum directory.
2. Run key.asp and select the required option.
3. Note: after use, click "delete file" or delete the key.asp file via FTP to prevent it from being used as a webshell.
The instructions are clear enough: delete it after use. But many website administrators are not that responsible and leave this dangerous backdoor on the website until one day someone breaks in and changes the homepage... Today, some websites still have this vulnerability. If you don't believe it, I will show you a picture:
Figure 1 Website vulnerabilities
As the figure shows, you can see what key.asp does. It can modify a website's administrator information or add an administrator. After adding an administrator, we can edit other people's posts, add new sections and do everything else a normal administrator can do. That is not the serious part. More serious: at the front end we can post images, and in the back end we can back up the database. Imagine saving an ASP Trojan as an image, uploading it to the website server, and then using the backup database function in the back end to back the image up as an .asp file: that yields a webshell. The idea is very clear. Because this chapter is about the harm of the key.asp file, I will not carry it out here; it will be discussed in detail in later chapters.
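The weakness the paragraph above describes is a backup function that writes the database copy to whatever file name the request supplies, so an uploaded "image" can be copied out as an .asp page. The following is an added example (not code from the article or from Dvbbs) contrasting that weak pattern with a hardened destination check; the directory name, the allow-list regex and the function names are assumptions made for the example.

```python
import posixpath
import re
from typing import Optional

# Hypothetical backup directory for this example (not from the article).
BACKUP_DIR = "/wwwroot/bbs/data/backup"
# Allow-list: a single plain file name ending in .mdb, nothing else.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.mdb$")


def weak_backup_target(requested_name: str) -> str:
    """The pattern the article warns about: the destination name comes
    straight from the request, so 'shell.asp' becomes a server-side script."""
    return posixpath.join(BACKUP_DIR, requested_name)


def safe_backup_target(requested_name: str) -> Optional[str]:
    """Return the destination path only when it is a bare .mdb file name inside
    BACKUP_DIR; return None so the caller refuses the backup otherwise."""
    # Reject anything that is not a bare file name (no directories, no '..').
    if requested_name != posixpath.basename(requested_name):
        return None
    # Reject any extension other than .mdb, including 'shell.asp.mdb'.
    if not SAFE_NAME.match(requested_name):
        return None
    dest = posixpath.normpath(posixpath.join(BACKUP_DIR, requested_name))
    # Defence in depth: the normalised path must still live inside BACKUP_DIR.
    if posixpath.dirname(dest) != BACKUP_DIR:
        return None
    return dest


if __name__ == "__main__":
    for name in ("backup.mdb", "shell.asp", "../shell.asp", "shell.asp.mdb"):
        print(f"{name!r}: weak={weak_backup_target(name)} safe={safe_backup_target(name)}")
```

The extension allow-list is the important part: blocking ".asp" alone is not enough, because the server decides what to execute by the final extension, so only names the application itself expects (here, .mdb) should ever be accepted.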
2. A key.asp-style vulnerability in the Cloud Download System
Of course, Dvbbs is not the only program on the Internet; there are many other excellent article systems, download systems, message board systems, blog programs, and even whole-site systems available for download. While studying vulnerabilities in the Cloud Download System, the author did not intend to read the installation instructions, which say to use zz.asp for installation. Installation means setting the webmaster account and password, so that a webmaster who has forgotten his own password can change it through this file, just as key.asp does. But I accidentally found this:
Figure 2 The zz.asp file
Resetting a new account and password makes the website yours, and from the back end we can get a webshell. Currently the most popular method on the Internet is to use the upload vulnerability to obtain a webshell. In fact, after several days of research and testing, I have found two other ways of obtaining a webshell; think flexibly. In short, do not leave a backdoor for others to take advantage of.
3. Learning from BBSXP
When the BBSXP forum is installed, install.asp is run, and after installation we upload the program to the website. If someone wants to use the above method to attack you, he will find that he is wrong: the programmer who wrote BBSXP seems to have learned from the Dvbbs key.asp incident. In the code, he first compares the IP address written in by the person doing the installation with the IP address of whoever accesses the page later; if they are not the same, an error is reported. The main code is as follows:
<%
youip = "192.168.1.123"    ' your local IP address, filled in by the person installing
remoteaddr = Request.ServerVariables("REMOTE_ADDR")    ' address of the current visitor (set elsewhere in BBSXP; shown here for completeness)
If adminpassword <> "" And remoteaddr <> youip Then
    Error("<li>For security reasons, edit <font color=red>install.asp</font> and set the local machine IP address to <font color=red>" & remoteaddr & "</font>")
End If
%>
When we access this page on a BBSXP forum, a striking red cross appears:
Figure 3 The IP address check in BBSXP
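The three sections above come down to the same administrative check: are installation or maintenance scripts still sitting in the web root, and if so, are they at least gated the way BBSXP's install.asp is? The following is an added example (not code from the article or from any of the forum projects) that walks a web root, reports the leftover scripts the article names, and classifies each as "gated" or "ungated" by whether it compares the visitor address. The sample site it builds is constructed for the example, and the file-name list and marker regex are assumptions.

```python
import os
import re
import tempfile
from typing import Dict, List

# File names the article identifies as installation/maintenance scripts that
# must not remain on a live site: key.asp (Dvbbs), zz.asp (Cloud Download
# System), install.asp (BBSXP). Assumed list; extend it for your own site.
LEFTOVER_NAMES = {"key.asp", "zz.asp", "install.asp"}

# Marker for a BBSXP-style gate: the script compares the visitor's address.
IP_GATE = re.compile(r"remote_addr|remoteaddr", re.IGNORECASE)


def audit_webroot(root: str) -> Dict[str, List[str]]:
    """Walk a web root and classify leftover scripts as 'ungated' (anyone can
    run them) or 'gated' (they at least check the visitor IP address)."""
    report: Dict[str, List[str]] = {"ungated": [], "gated": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in LEFTOVER_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                body = fh.read()
            key = "gated" if IP_GATE.search(body) else "ungated"
            report[key].append(os.path.relpath(path, root).replace(os.sep, "/"))
    for key in report:
        report[key].sort()
    return report


def build_sample_site() -> str:
    """Constructed sample web root for this example (not a real site)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "bbs/key.asp": "<% ' constructed: resets admin password, no checks %>",
        "down/zz.asp": "<% ' constructed: sets webmaster account, no checks %>",
        "bbsxp/install.asp": (
            "<% youip = \"192.168.1.123\"\n"
            "If adminpassword <> \"\" And remoteaddr <> youip Then Error(\"...\")\n"
            "End If %>"
        ),
        "index.asp": "<% ' constructed: ordinary page, not flagged %>",
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for status, paths in audit_webroot(site).items():
        for rel in paths:
            print(f"{status:8s} {rel}")
```

Anything reported as "ungated" should simply be deleted, as the Dvbbs instructions say; a "gated" script is still better removed after installation, since the IP comparison only protects the site for as long as the configured address is correct.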
Summary:
For other people's programs, it is best to read the program description before using them. After all, the program was written by someone else, and the description exists precisely to explain the relevant information to the user. In addition, if you know something about the program, you had better change things such as the back-end path and the database file it calls. Of course, if you have the ability to discover vulnerabilities, you should fix them for the official site!