Don't let upload My Chosen pass-vulnerability warning-the black bar safety net

ID MYHACK58:6220055492
Type myhack58
Reporter Anonymous
Modified 2005-12-16T00:00:00


Recently I have been busy developing a WAP mobile website and went several days without sleep, all because of the problem of converting UTF-8 to GB. There are ready-made ASP scripts online that can do the conversion, but the conversion still has problems with some characters. Out of options, I found a QQ contact on the page of a WAP mobile site that had been developed successfully, but when I sincerely asked for advice, he said: “It's commercial code, it can't be opened up!” I was speechless. Is this such advanced technology? No wonder China's technological progress has been so slow; it is caused by this conservatism and reluctance to share technical achievements with others. While I was stewing over this... a crooked idea suddenly came to me: he would not tell me and wanted to stay mysterious, so fine, if you won't say, I'll find it “inside” myself!

The first thing to do, of course, was to look at how his web pages were designed. On opening a page, it really was different from other sites. Did they develop it themselves? Was that so? In any case, the layout of its web files looked very familiar to me, such as its database, images, and user authentication. It seemed time to bring out our handy search engine; I used “Baidu”. In Baidu's search results one directory caught my attention: “/wapadmin”. From the name, “WAP” is the mobile Internet term, and “ADMIN” of course has to do with management.

Well, go in and take a look! I assumed that what was in there would of course be the damn login page, asking for an account and password... But to my surprise, what appeared was a page for posting and adding data. After a round of page analysis, I found a place where files could be uploaded; it was dedicated to user-submitted articles. I still went to see whether the upload feature would let me upload... Unfortunately it had already been restricted, which was infuriating... So I wondered whether there was another way to upload. I figured the web server was running the Windows 2000 series, so I tried an older upload method. The method is very simple: in the upload file path field, just add an English period “.” after the file name, as shown in Figure 1.


After filling it in, I clicked OK. The upload did succeed, but unfortunately the uploaded file had become a “*_Basp” type, as shown in Figure 2:


I used the ASP trojan developed by “ATTRIB”, because it does not send much data via “GET”, so it is not easy for an administrator to find much useful information in the logs. Well, the success dialog popped up. Isn't that a success? As shown in Figure 4.

Next, needless to say, I looked at what was on the server. One thing to note, however, is the ASP trojan's file name: it is displayed as “.asp.”, with a “.” at the end. To access the trojan in the browser, remove that extra “.”, because Windows has long since “eaten” that dot.

Well, this unusual upload comes to an end here. Does this problem hold in other upload programs? I believe everyone wants to know. Unfortunately, it does not hold in many other upload programs. Maybe you will say: then what use is it? How much use it has I don't know, but I was able to use it successfully against that server, and it was a rewarding experience. Maybe when you are in an environment where you are racking your brains, you might try this method; you may be pleasantly surprised!
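A defensive check for the behaviour described above, where Windows drops the trailing “.” so that a file submitted as “.asp.” is stored as “.asp”. This is an added example, not code from the original article or from the site it describes; the function names, the assumed shape of the weak filter and the image-only allowlist are assumptions.

```python
import os
import re
import uuid

# Assumed shape of the weak filter: a deny-list compared against the raw suffix.
BLOCKED_SUFFIXES = (".asp", ".exe")

# Assumption: the article-submission form only needs to accept images.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}


def naive_blocklist_accepts(client_name: str) -> bool:
    """Weak check: 'x.asp.' does not end with '.asp', so it is accepted."""
    return not client_name.lower().endswith(BLOCKED_SUFFIXES)


def effective_name(client_name: str) -> str:
    """Return the file name Windows would actually create for client_name."""
    # Keep only the last path component; clients may send a full local path.
    base = re.split(r"[\\/]", client_name)[-1]
    # Windows file naming drops trailing periods and spaces from a name,
    # so the check must be made on the name with those removed.
    return base.rstrip(" .")


def safe_stored_name(client_name: str):
    """Allowlist check on the effective name.

    Returns a server-generated file name, or None if the upload is rejected.
    """
    if "\x00" in client_name:
        return None
    name = effective_name(client_name)
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Never write the client-supplied name to disk; keep only the vetted extension.
    return uuid.uuid4().hex + ext


if __name__ == "__main__":
    # Constructed sample names, not taken from the article.
    for sample in ("photo.jpg", "page.asp", "page.asp.", r"C:\tmp\photo.JPG."):
        print(repr(sample), naive_blocklist_accepts(sample), safe_stored_name(sample))
```

Storing uploads under a server-generated name in a directory where script execution is disabled means the outcome does not rest on the extension check alone.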