How to create pseudo log-vulnerability warning-the black bar safety net

ID MYHACK58:62200925007
Type myhack58
Reporter 佚名
Modified 2009-10-14T00:00:00


A, execute the external program

DIM objShell set objShell=("") iReturn=(" /C set var=world", 1, TRUE)

Save As. the vbs file can be. In this code, we first set an environment variable, which is named var, and the value of the world, the user can use%Comspec%instead, and you can put the command: set var=world, changed to other command, so you can make it can run arbitrary commands.

Second, the use of script forgery log

set ws=("") 0 ,"write log success" 'create a successful implementation of the log

The above code is saved as can be. This code is easy to understand, first obtain the wscript of a shell object, and then use the shell object's logevent method. logevent usage: logevent eventtype,"description" [, remote system], where eventtype is the type of log, you can use parameters are as follows: 0 for successful execution, 1 Do error, 2 warning 4 information 8 success audit, 1 6 failure audit. So in the above code, put 0 instead of 1,2,4,8,1 6 May, the quotation marks in the content of the log description. Use this method to write the log there is a disadvantage that can only be written to the Application log, and the log sources only for the WSH, Windows Scripting Host, so can not play too much of a hidden effect, this is only for your reference.!