Newcomers have to learn the website's invasion of basic knowledge-vulnerability warning-the black bar safety net

2006-03-17T00:00:00
ID MYHACK58:6220068054
Type myhack58
Reporter 佚名
Modified 2006-03-17T00:00:00

Description

First introduced under what kind of sites can be invaded: you must be a dynamic website, such as asp, php, jsp this form of the site. Suffix for. htm site advise everyone not to invasion! (invasion probability is almost 0)

Invasion Description: 1 upload vulnerabilities; 2 storm library; 3 inject; 4 next to the Note; 5 COOKIE scams.

1 upload vulnerability, this vulnerability in the DVBBS6. 0 era is that hackers use is most rampant, the use upload vulnerability can directly get WEBSHELL, the hazard level is super high, and now the invasion upload vulnerability is Common Vulnerability.

How to use: in the website in the address bar of the URL after/upfile. asp if the display upload format is incorrect[re-upload] such words of 8 achievements there is a long pass vulnerability the Find a can upload the tool directly can get WEBSHELL on.

Tool Description: The upload Tool, the veterans of the upload tools, DOMAIN3. 5, The two software can achieve the upload of the object, with the NC also be submitted.

WEBSHELL: WEBSHELL in on the lesson is simple introduced, many people are not understanding, here's a detailed speaking, in fact WEBSHELL is not what profound things, is a WEB of permissions, you can manage WEB, modify the home page content and permissions, but nothing particularly high permissions, (the custody of the administrator Settings)General modify someone home most of all need this permission, contact the WEB Trojan friends might know(such as the veteran webmaster Assistant is a WEB Trojan Haiyang 2 0 0 6 is also a WEB Trojan)we upload vulnerability final pass is this stuff, and sometimes run into permissions set the bad server via the WEBSHELL to get the highest permissions.

2 storm library: this vulnerability is now very rare, but there are many sites that have this vulnerability you can use the storm library is submitted to the character to get the database file, get the database files we directly with the site front or backend permissions.

Storm library method: for example, a station address is http://www.xxx.com/dispbbs.asp?boardID=7&ID=1 6 1, I a door you can put the com/dispbbs the middle of the/is replaced by%5c, if there is a vulnerability directly to give the database the absolute path, with paging ray what download down. There are ways is to use the default database path http://www. xxx. com/followed by the conn. asp. If you do not modify the default database path can also get the path to the database(note: here The/also to be replaced with%5c).

Why is replaced by%5c: because in ASCII code in the/equal to%5c, and sometimes hit the database name is/the#abc. mdb, why not? Here need to put the#into%2 3 can download, why I storm out of the database file is. ASP end? What do I do? Here you can download when the. ASP replaced. The MDB so that you can download if also download not may for anti download.

3 injection vulnerability: this vulnerability is now the most widely used, and also a lot of vulnerability, you can say Microsoft's official website there are also injection vulnerabilities. Injection vulnerability because the character filter is not forbidden to the cause, you can get the administrator account password and other related information.

How to use: I first introduce how to find vulnerabilities such as this URL http://www.xxx.com/dispbbs.asp?boardID=7&ID=1 6 1 behind is ID=in digital form at the end of the station we can manually back plus a and 1=1 and see if it shows the normal page plus a and 1=2 to see if the return to the normal page Description No vulnerability if the returned error page indicating the presence of injection vulnerabilities. If you add the and 1=1 returns an error page Description No vulnerability, knowing the site there are no loopholes I can use the manual to guess you can also use the Tool now the tool is more(NBSI NDSI. D DOMAIN, etc.) can be used to guess the account password, because it is a rookie contact, I still recommend everyone to use the tool, hand the comparison cumbersome.

4 side note: we invaded a station may be the station sturdy invulnerable, we can find the next and this station the same server of the site, and then in the use of this site with mentioning of the right, sniffing and other methods to the invasion we want to invade the site. Make a vivid metaphor, such as you and me a house, my family is safe, and your home too, but full of Holes, now there is a thief want to invade my home, he to my house to do the monitoring(i.e. scan)found nothing can use of something, then the thief found your house and my house is one floor, your home could easily get in, he can be advanced into your house, and then through your home to get the whole floor for the key(system permissions), so it is natural to give me the keys, you can enter my home(website).

Tool description: or famous kid DOMIAN3. 5 good things, can detect the injection, can be a side note, you can also upload!

5 COOKIES scams: many people don't know what is COOKIE, COOKIE is your Internet by the website, did you send the value recorded some of your information, such as IP, name or something.

How scams? If we now already know the XX administrator of the station number and the MD5 password, but crack is not out of the password(MD5 encrypted after a 1 6-bit password)we can use the COOKIE scams to achieve, to put their ID modified to the Administrator's MD5 password is also modified to his, there are tools you can modify COOKIES so that you answer to COOKIE fraud purposes, the system thought you were the administrator.

Today's presentation is here, the basis for comparison, are the conceptual things, all is my personal understanding, as there is not the right place hope you pointed out(personally think that is why replaced by%5c, here is a bit of a problem).