To quickly locate website source code-bug warning-the black bar safety net

ID MYHACK58:62200923856
Type myhack58
Reporter 佚名
Modified 2009-07-13T00:00:00


In practice we often face such a dilemma: we felt that the target site uses a set of open source code, but by the webmasters of the pages of the modified obliterate the ability to directly access this source The name of the dominant logo. This our hack is obviously unfavorable, we may in order to find the source code to study and struggling to the major download sites like the source code one by one to determine, more than, we got the website back password, but can't find the backend path, and sometimes the background or the source default-dictionary run out after, what is there to choose? Now I recommend another option: the source directory query-this is the“closed network”in launch of a service. In fact, this idea of everyone in the usual must have, through the web site of a special file name to determine the source of the name. Cut the crap, the first look at an example: The target site is a shopping site, wherein a section of the“My selling”point of the path is: mycsproc. asp-this page name is a characteristic, Oh, to www. seeknot. com the search bar in the input mycsproc. asp, select the default directory to find the way, to submit.

Returns two search results: one is the “good faith treasures shop second edition”, is a“virtual game equipment trading Station program”, through the“directory list”link to view all the file names and directory structure, and further verification is we're looking for the source code, and found that the default database path is “/db. mdb”and try to down it, if successful, will be able to directly access the database, although the user password is md5 encrypted in the ps:seeknot also provide an md5 hash lookup, a simple md5 encryption string can be hack,other sites also have this feature, not discussed here, and if you are lucky enough to encounter a simple hash value and the default background path, you can pass the“Manager/Admin_Login. asp”is, destroy Huanglong. In other words, with seeknot the source directory query features, the best case you can get database, the background path, and all sensitive information, the worst case can immediately determine the source of Justice, download the set, read the source code, looking for vulnerabilities. In fact, the source code directory lookup, md5 lookup is an information retrieval approach, the private is intended to think, search the essence is to use space to exchange time of an act, we will continue to launch similar targeted service. The whole article seems in to your own website to advertise, but if it is useful, timely, and fling cover it. The way to the station recommend to the majority of webmasters, I hope you guys can from here to find the need of the source code.