Author: HaK_BaN [B.C.T]
Website: http://www.cnbct.org
Original download address: http://www.cnbct.org/blog.doc
[Hacker X-file]
It is already a new year. HaK_BaN and all Bug.Center.Team members wish readers a happy New Year and technical progress, and here HaK_BaN offers everyone a New Year gift: an article on the L-Blog program.
First, what is a blog? Many people do not know, and without that background this article will be hard to follow, so I hope the editor does not delete this part even though it takes up some space. Thank you.
Interpretation:
Web publishing, publishing and posting articles (when "post" is used as a noun, it means the posted article) is a rapidly growing network activity, and there is a noun for it: weblog, or blog. A blog is a web page that is usually made up of short, frequently updated posts, arranged by year and date. The content and purpose of blogs vary widely: hyperlinks to and comments on other websites; news about companies, individuals and ideas; diaries, photos, poetry, prose and even science fiction. Many blogs express one person's thoughts, while others are the collective work of a group of people writing on a particular topic or in a common interest. A blog is like a real-time message delivered to the network. The people who write these weblogs or blogs are called bloggers or blog writers.

The idea of publishing a blog on the network became popular in 1998, but it only really took off in 2000. At first, bloggers recorded their daily experiences and comments on websites and made them public for other people to consult and follow. As blogging expanded quickly, its purpose moved far from the original one, and today's bloggers differ greatly in why they publish and post. Because it is simpler and easier than email or discussion groups, the blog has become a communication tool among families, companies, departments and teams, and it is also being applied on enterprise internal networks (intranets).
The blog programs in use on the network today fall roughly into multi-user and single-user types. Most of them are written in ASP, and they contain a variety of vulnerabilities! The mainstream ASP blog programs are currently the following:
1. L-Blog (ASP + Access architecture, written by LoveYuki); there are N modified and beautified versions of this program
2. O-Blog (ASP + Access/SQL architecture, multi-user, written by Yekai)
3. Misslong (multi-user version)
4. Theanswer's Blog (a foreign open-source website project; the code is careful and simple)
5. Sic's Blog (a modified version of L-Blog; its security is better than the original)
6. dlong (written by the pig flying; one of the earlier blog programs, development has stopped)
I will take the L-Blog program as the subject of analysis. Let's see how many problems our L-Blog has.
I. The L-Blog program (cross-site scripting vulnerability)
The most widely used programs tend to have the most vulnerabilities found in them, and our L-Blog is no exception! First, look at a basic vulnerability, cross-site scripting, found in the Member.asp / Favorite.asp / Bloglinks.asp pages. The author took no measures against cross-site scripting, so no sensitive characters are filtered. This lets an attacker steal cookies and damage the blog! Taking the "Personal Home" field of the Member.asp page as an example, we find that entering specific malicious code is enough to obtain the administrator's cookie or cause damage! For example:
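
An added illustration, not taken from the original article or from L-Blog's source: one way a profile URL field such as "Personal Home" can be validated on input and encoded on output in Classic ASP, so that stored text cannot turn into script in the administrator's browser. The function names `SafeHomepage` and `RenderHomepageLink` are hypothetical, and the sample inputs are constructed.

```asp
<%
Option Explicit

' Hypothetical helper: accept only absolute http/https URLs for a
' "Personal Home" style profile field; anything else is dropped.
Function SafeHomepage(raw)
    Dim url, re
    SafeHomepage = ""
    url = Trim(raw & "")                      ' Null/Empty become ""
    If Len(url) = 0 Or Len(url) > 255 Then Exit Function
    Set re = New RegExp
    re.IgnoreCase = True
    ' Scheme allow-list plus a character class that excludes quotes,
    ' angle brackets and whitespace, so the value cannot leave the attribute.
    re.Pattern = "^https?://[a-z0-9.-]+(:[0-9]{1,5})?(/[^\s""'<>]*)?$"
    If re.Test(url) Then SafeHomepage = url
    Set re = Nothing
End Function

' Hypothetical helper: build the link. Output is HTML-encoded even though
' the value was validated, so the page stays safe if validation changes.
Function RenderHomepageLink(stored)
    Dim url
    url = SafeHomepage(stored)
    If url = "" Then
        RenderHomepageLink = "(no homepage)"
    Else
        RenderHomepageLink = "<a href=""" & Server.HTMLEncode(url) & _
            """ rel=""nofollow"">" & Server.HTMLEncode(url) & "</a>"
    End If
End Function

' Constructed sample inputs: one legitimate URL and two that must be rejected.
Dim samples, s
samples = Array("http://example.org/me", _
                "javascript:alert(1)", _
                """><script>alert(1)</script>")
For Each s In samples
    ' The demo page encodes everything it prints, including the input itself.
    Response.Write Server.HTMLEncode(s) & " =&gt; " & _
        Server.HTMLEncode(RenderHomepageLink(s)) & "<br>" & vbCrLf
Next
%>
```

The same encode-on-output rule applies to any user-supplied value that Favorite.asp and Bloglinks.asp write back into a page.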