Author: Han Blood Source: www.qfaq.com
I saw a Trojan station a few days ago, and then he had a safety test for him. It was found that it was on a virtual host, and the security settings of the virtual host were relatively high. How did I enter me today? The Trojan station has been written, there is no technical thing designed to design, just say this idea, because of the most important thing! First, I saw the next stop. It was found that the power system, looked at the next version MyPower Ver3.51, which was more new, injected into filtering, and the uploaded place could not pass the ASP Trojan. At the time, it was depressed. I can't blind, directly Enter http://www.*****.com/inc/conn.asp database directly:
Dizzy, so long name! ! ! Now I can give his database down, then go to the MD5 password, but this is too time, not me, etc.! In his stood, it was found that there was nothing to use, so I used WHOIS to check how many stations on his host, http://whois.Webhosting.info/*.*.*, one Look, - IP Hosts 118 Total Domains ... Showing 1 - 50 out of 118 dizzy, how to find, if you find it, don't look at it, your luck is good, find a mobile network forum, DVBBS Version 6.1. 0, look at Upfile.asp, find the existence, the vulnerability of the direct use of the mobile network, the tool is uploaded to an ASP Trojan, and the display is successful, but when it is open, the current directory is discovered, the relevant prompts are prohibited from running the ASP program, " depressed! ! ! It seems that it is not necessary to manually, but the handmade is a ripe road, change the directory into the root directory, it is impossible to run the ASP program! Here I have brought it, unfamiliar friends can go to the breeze to find which animation tutorial! Finally, here is here:
Originally thinking that the next thing will be smooth, then know that all the problems are here! I want to pass an ASP Trojan in the top of Haiyang, but there is such a situation when it is stored.
Which is halo, it seems that the host has information intercepting the system, we are not afraid, I will try again on the ASP web page!
Depressed, the warning information just came out again, and later discussed with a few friends, guess the Asp.dll file on their host to filter the upload of the ASP file, calculated, hard to handle us directly ASP Trojan, but now you have to find a little bit, because it will be very trouble when the Too Trojan caught! I use the exclusive back door of pigs! Final success:
After entering, I found that the host did a security policy. No matter how jumped, I could only look in this directory. Although I knew the actual path of the Trojan station, it was not written in, and the host is not allowed to transfer ASP in Web Program, depressed, ordered can not be implemented, it seems that we have got a WebShell without what! I found an ASP Trojan written by the shark:
<% @ LANGUAGE = "VBScript" cODEpagE = "936"%>
