Leaking the physical path

xiaoxiao  2021-03-06

Leaking the physical path of the program.

Do you still remember the CER file upload vulnerability in MY POWER VER 3.51? It was a masterpiece from N years ago, and it must have been used to break into a lot of sites. It uses these two sentences, with the result that the legitimate file submitted as FileName passes verification, while the second, filename1, bypasses this verification. CER can be uploaded and ASP cannot because ASP is also checked. The key is the use of those two sentences. (Tip: in IIS, CER files and ASP files are handled by the same interpreter, so from the user's point of view a CER file executes the same way an ASP file does. An ASP trojan uploaded with the CER extension can be used normally.)

To be honest, I sometimes mix up My Power and FreePower; although there is a difference, I always think of them as just different versions (smile). I took the exploit program for the My Power Ver 3.51 CER upload vulnerability (that is, the modified HTM file) and changed the address to FreePower's UpFile_SoftPic.asp. The address is www.******.com/editor/upfile_softpic.asp. But "Channel parameter loss!" appeared. I thought the version was different, so the submitted data was different. I captured the data packets locally and used the ASP null byte vulnerability (submitting with NC the data modified in UltraEdit), but still got errors.

I thought: "That didn't work, submitting the CER is no good. Wait! If submitting the CER fails because the version is different, then can I modify the source code of the 'Submit Upload File' page for this version and submit it locally?" View the source code of http://www.*****/editor/upload_article.asp?ChannelID=1

// Change action="Upfile_Article.asp" to http://www.*****/Editor/upfile_Article.asp (and add one more line)
<input type="submit" name="Submit" value="Upload" style="border: 1px double rgb(88, 88, 88); font: 9pt">

Did you spot what is wrong? Right: according to how the vulnerability is used, I should have added another line as , but I was careless and forgot. Then I chose two files, the first a GIF and the second a CER, and uploaded them following the rules mentioned at the beginning. An error occurred! But this error turned out to be very interesting: it actually gives the physical path of the site!

Microsoft VBScript runtime error error '800A01C9'
This button is associated with one element of the collection
D:/wwwroot/biz******1/wwwroot/editor/../Inc/upfile_class.asp, line 104

I didn't manage a successful intrusion, but because of this error I was excited for a while! Leaking the physical path through this error has not been mentioned before, has it? I hurried to Live Optimus to check his customer list, picked out a few sites, and visited the pages in the manager: Powered by: mypower 4.0. Then I performed the operation above, and it really did leak the physical path. Still not reassured, I found a few hacker security websites using Powered by: MyPower 4.0 (they are security sites, so if this were an already discovered vulnerability, it should not exist there). Several of them gave me a physical path! Exciting! (Is this the legendary hacker discovering a new vulnerability?)

To summarize, the conditions for using the vulnerability:

1. Version: Powered by: mypower 4.0
2. Keep the cookies after logging in (meaning you can register and log in)
3. inc/upfile_class.asp and Upfile_Article.asp exist; in testing, every file that calls INC/UPFILE_CLASS.ASP works!
4. The server does not block the Microsoft VBScript runtime error message. (For example, Huaxia uses this approach: "An error occurred on the server when processing the URL. Please contact the system administrator.")

The exploitation process is described above.

Aerosolic
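Condition 4 is the one a site operator controls, so here is an added example (not part of the original post) of a check that scans HTTP response bodies for the ASP error banner and script location quoted above, reports whether a physical path is exposed, and redacts it. The function names, the sample responses, the `example1` directory and the English message texts in the samples are constructed for illustration.

```python
import re

# Classic ASP error banner: script engine name, then a quoted 8-hex-digit code.
# "(?: error)?" tolerates the doubled word in the banner quoted in the post.
BANNER = re.compile(
    r"Microsoft (?:VBScript|JScript) (?:runtime|compilation) error(?: error)?"
    r"\s*'(?P<code>[0-9A-Fa-f]{8})'")
# Script location: optional drive letter, a path ending in a script extension,
# then ", line N". Both slash styles are accepted.
LOCATION = re.compile(
    r"(?P<path>(?:[A-Za-z]:)?[\\/][^\r\n<>,]*?\.(?:asp|asa|inc|cer))"
    r"\s*,\s*line\s+(?P<line>\d+)", re.I)
PHYSICAL = re.compile(r"[A-Za-z]:[\\/]|\\\\")  # drive path or UNC share

def find_asp_error_leaks(body):
    """Return one finding per ASP error banner in an HTTP response body."""
    findings = []
    for banner in BANNER.finditer(body):
        # The location follows the banner and message text; search just ahead.
        loc = LOCATION.search(body, banner.end(), banner.end() + 600)
        path = loc.group("path") if loc else None
        findings.append({
            "code": banner.group("code").lower(),
            "path": path,
            "line": int(loc.group("line")) if loc else None,
            "physical_path": bool(path and PHYSICAL.match(path)),
        })
    return findings

def redact(body):
    """Remove script paths from error output, e.g. in a response filter."""
    return LOCATION.sub(r"[script path removed], line \g<line>", body)

# Constructed sample responses (not captured from any real site).
SAMPLE_LEAK = (
    "<p>Microsoft VBScript runtime error '800a01c9'</p>\n"
    "<p>This key is already associated with an element of this collection</p>\n"
    "<p>D:/wwwroot/example1/wwwroot/editor/../Inc/upfile_class.asp, line 104</p>")
SAMPLE_VIRTUAL = ("Microsoft VBScript runtime error '800a000d'\n"
                  "Type mismatch\n/editor/upfile.asp, line 12")
SAMPLE_CLEAN = "<html><body>An error occurred. Contact the administrator.</body></html>"

if __name__ == "__main__":
    for name, body in [("leak", SAMPLE_LEAK), ("virtual", SAMPLE_VIRTUAL),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, find_asp_error_leaks(body))
    print(redact(SAMPLE_LEAK))
```

A scanner like this only finds the leak; removing it means having the server return a generic error page to remote clients, as in the Huaxia example in condition 4.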

When reposting, please cite the original address: https://www.9cbs.com/read-90646.html
