Breaking into blogs is too simple: 4 major holes used to break into blogs
From:    Author: original to this site

Breaking into blogs is too simple! Everybody needs to take notice!

Flaw one: The database download flaw

The first step: search for a target

Open a search engine and search for "Pragram By Dlog". This finds many blog pages, all of them built with "Dlog broken remains repairs correcting". The target we should look for is version 1.2, which has a database disclosure flaw. Many users overlook the security of the database of the EWebEditor online editor embedded in this version, which lets a hacker download it by using the default path.

The second step: get the administrator password

Pick a target from the search result list: Http://s*.8888.com/blog/ . Open this address in the browser, append EWebEditor/db/e/eWebEditor.mdb to it and press Enter to download the database.

Open this database; the administrator's user name and password can be seen in the "EWebEditor_system" table. The password has been encrypted with MD5, so find an MD5 brute-force cracker and let the computer run for minutes or a few days to obtain the password. From experience, however, if this database can be downloaded at all, the administrator has very likely not changed the default login password: if the MD5 password shown is "7a57a5a743894a0e", then the password is the default, "Admin". Now we can enter the EWebEditor back-end online editor page.

The third step: control the server

Appending "EWebEditor/admin_login.asp" to the blog's address opens the EWebEditor back-end online editor page. Entering the default user name and password "Admin" logs in to the blog's back-end management page without trouble.

Add a new blog style, then return to the style management page. Find the style just added in the style list; after clicking the "install" button next to the style name, the new blog style can be used.

After exiting the management page, register and log in to the blog, then write a post and choose to upload a file. At this point we can upload an ASP trojan in order to control the whole server.

Flaw 2: The file upload flaw

The first step: search for a blog that has the flaw

After picking a target at random, first check whether the blog's administrator has deleted the upload page program file. If the user has some security awareness, they will likely have deleted the default upload page file, and in that case nothing more can be done.

We choose "Http://www.88888.net/workingbird", append "/Upfile.asp" to the address and press Enter. If the message shown is something like "Microsoft VBScript runtime error '800a01b6'", this blog website has the file upload flaw.
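
Seen from the defender's side, the requests described in both flaws leave a recognisable trail in the web server log. The following is an added example, not part of the original article: it scans IIS W3C-format log lines for a served .mdb file, access to the editor's admin pages, and GET requests to the upload handler. The sample log, the rule names and the 500 status assumed for the VBScript error page are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C format; IPs are documentation addresses.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-05 10:00:01 198.51.100.7 GET /blog/default.asp 200
2024-01-05 10:00:09 203.0.113.5 GET /blog/EWebEditor/db/e/eWebEditor.mdb 200
2024-01-05 10:01:12 203.0.113.5 GET /blog/EWebEditor/admin_login.asp 200
2024-01-05 10:01:40 203.0.113.5 POST /blog/EWebEditor/admin_login.asp 302
2024-01-05 10:07:03 192.0.2.44 GET /workingbird/Upfile.asp 500
2024-01-05 10:09:30 198.51.100.7 GET /blog/db/site.mdb 404
"""

# (rule name, HTTP method or None for any, path regex, status test)
RULES = [
    ("mdb_download", "GET", re.compile(r"\.mdb$"), lambda s: s in (200, 206)),
    ("editor_admin_access", None, re.compile(r"/ewebeditor/admin_[^/]*\.asp$"), lambda s: s < 400),
    ("upfile_probe", "GET", re.compile(r"/upfile\.asp$"), lambda s: s in (200, 500)),  # 500 assumed
]

def scan(log_text):
    """Return {client_ip: [rule names, in the order first seen]}."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order differs between servers
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            path = unquote(row["cs-uri-stem"]).lower()  # IIS paths are case-insensitive
            method, status, ip = row["cs-method"], int(row["sc-status"]), row["c-ip"]
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        for name, want, pattern, status_ok in RULES:
            if want in (None, method) and pattern.search(path) and status_ok(status):
                if name not in hits[ip]:
                    hits[ip].append(name)
    return dict(hits)

def chained(findings):
    """Clients that both fetched a database and reached the editor admin pages."""
    need = {"mdb_download", "editor_admin_access"}
    return sorted(ip for ip, names in findings.items() if need <= set(names))

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), chained(scan(SAMPLE_LOG)))
```

A hit on mdb_download means the database file was actually served to the client, so its stored credentials should be treated as exposed. Keeping the database outside the web root and changing the editor's default password removes the path the article relies on.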