Free web hosting space BUG-vulnerability warning-the black bar safety net

ID MYHACK58:6220054679
Type myhack58
Reporter 佚名
Modified 2005-11-19T00:00:00


Today a friend asked me to help her to find a free space, to be honest, these days free stuff too little. Unlike the previous a dime a dozen. Remember last year 1 2. 2 5, I building Qi UNITA network security. For members opened over a period of time the free space. Today think of that site don't know there is no free service, so go to Kay Union network security check out last year's resource, see Also provide a free service, I'm really excited.!:) Immediately apply for registration of a user. The results without waiting for the admin to verify it can be used. Good. Another exciting ing!~ This space to support asp. 马上 在 IE 地址 栏 里面 写 上 A successful login. Would have thought to do here on the end of it. To a friend this space with, she also not happy dead. Oh。 But who let I was engaged in network Security?, no way hands itch Ah, unwittingly Upload a webshell want to see his Server, what's inside is good stuff. Oh。 Upload later only to find that the free user space does not support a lot of components, I'm mad cry percent...... 5 5 5

Code: Server object error ASP 0 1 7 7 : 800401f3 Server. createObject failed?, the Line 0 invalid ProgID. If you want to get on this message for more information, please visit the Microsoft Online Support site: the.

webshell functions display does not open. Guess the main directory, there is no guess to the effective. Now I'm really no technology can make. Looked at the self-space of the program directory, and suddenly saw above this as shown in Figure 1:


See what uh is. E:\user\ 申请 注册 的 用户名\ To this I think is not able to jump every free user application user space directory?

Code: Note: successful registration you can now through the FTP software to manage your website! Related to FTP software, you can be in our home at the bottom left to download! If you have any other questions please visit our host a forum for discussion! You visit the web site for the Http:// 用户名) [Ctrl+A Select All]

Each application is free space in the user name as a space URL. If we know that someone else registered the username also to know someone else's space program directory. How to find it. There is a way. On the main station on the bbs I found a This column: as in Figure 2


Go in and see them published since already the site's address. Oh, and feeling a little despicable find one. As shown in Figure 3


my/525100bbs immediately try can jump to this directory. In the webshell above, add the absolute path. As shown in Figure 4


A successful jump to someone else's free application space directory. Uh is. it!!! Happy. Black is not Black it. Just look at your hack spirit. Here I also don't want to go on to do. Someone will ask, why not enhance the permission to get the host sysadmin to. I don't want to do that. Inform the administrator.

Personal assessment: I think there is such a problem of free space is still there. As long as we carefully to find find. The problem is in your side. Technology is everywhere now! the. I want to work. Time issues do not allow me to do so. Like the time in for everyone to write good articles. This article written in some hurry! Typos don't laugh at me. Oh。