dvbbs7.1: a webshell can still be obtained from the admin backend - vulnerability warning - the black bar safety net

2005-10-23T00:00:00
ID MYHACK58:6220053995
Type myhack58
Reporter Anonymous
Modified 2005-10-23T00:00:00

Description

Article author: love sad
Information source: evil octal security team

Background: dvbbs7.1 added a check to the backup function in the admin backend that verifies the file is an Access database. So the old trick of restoring a gif image into a backdoor is dead.

Solution: I insert the ASP trojan into the database and then restore it. That way it is sure to pass the check.

Specific process. Premise: you have obtained the admin backend of a dvbbs7.1 forum. (I go by the default installation; adapt to your own situation.)

  1. I have already prepared a database: an encrypted ASP backdoor [the one that writes a trojan] is inserted into it, and it has been renamed to dvbbsToshell.gif (download at the end of the article). ===Supplement: the key point is that this picture works only because it is an Access database [see the detailed explanation at the end]===

  2. Upload this dvbbsToshell.gif using the upload option in the post form, because that place does not check the file for the gif signature. (Do not use the avatar upload.)

  3. Note the address of the file after uploading, then go to the backend and restore it into the backdoor.

  4. Run the backdoor to create a new backdoor. Test that it works; done.

Note: if file upload is not enabled on the forum, enable the upload option in the backend. Erasing the record of the uploaded file is something I will not go into.

Solution: the same as I said before: remove the backup and restore functions.

The database dvbbsToshell.gif mentioned above is in the compressed archive.

=============Supplement====================

Some people could not follow my article; it seems I did not write it clearly. That being the case, here are the details.

[Background: dvbbs7.1 added a check to the backup function in the admin backend that verifies the file is an Access database. So the old trick of restoring a gif image into a backdoor is dead.] The complete explanation is: dvbbs7.1 added the following code to check the file type, in order to ensure that the file really is an Access database. An ASP trojan whose extension has simply been changed to .gif (even with a GIF89a header) generally does not pass the verification in the code below.

As the code below shows, only a genuine Access file can pass. What I use is an Access database throughout, so it passes the check; the backdoor is simply added inside the Access file. Perhaps the reason is that I still used a gif file name; in fact dvbbsToshell.jpg works too, as long as it is an Access database with the backdoor inserted. That has caused some people to misunderstand.

----The following code is from the data.asp file in dvbbs7.1------------

    ' Try to open the file to be restored as a Jet (Access) database
    FileConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Dbpath
    Set Fileconn = Server.CreateObject("ADODB.Connection")
    Fileconn.open FileConnStr
    If Err Then
        ' The open failed: the file is rejected as not being a database
        Response.Write Err.Description
        Err.Clear
        Set Fileconn = Nothing
        Response.Write "the backup file is not a legitimate database."
        Exit Sub
    Else
        Set Fileconn = Nothing
    End If
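
The post upload in step 2 accepts a file by its name alone, and the supplement notes that .gif or .jpg both work as long as the content is an Access database. The following added example (not part of the original article or of dvbbs) sweeps an upload directory for image-named files whose header is not an image, flagging Jet/ACE database headers specifically; the function names, verdict strings and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes of the image types an upload form normally accepts.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Jet (.mdb) and ACE (.accdb) files carry this text at offset 4 of the header.
DB_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")


def classify(path):
    """Return 'ok', 'access-database' or 'not-an-image' for an image-named file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(32)
    if head[4:19] in DB_SIGNATURES:
        return "access-database"
    return "ok" if head.startswith(IMAGE_MAGIC[ext]) else "not-an-image"


def scan_uploads(root):
    """Walk an upload directory; map each suspicious image-named file to a verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in IMAGE_MAGIC:
                verdict = classify(os.path.join(dirpath, name))
                if verdict != "ok":
                    findings[name] = verdict
    return findings


def demo():
    """Scan constructed sample files (not taken from any real forum)."""
    jet_header = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 12
    samples = {
        "photo.gif": b"GIF89a" + b"\x00" * 26,   # genuine gif header
        "renamed_db.gif": jet_header,             # database named as a gif
        "renamed_db.jpg": jet_header,             # same content named .jpg
        "notes.png": b"plain text, not a png",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)
```

The same header comparison can be applied at upload time to reject the file before it is stored, which complements removing the backup and restore functions.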