A summary of some upload vulnerability exploitation methods

1. Upload the trojan directly with one of the extensions asp, asa, jsp, cer, php, aspx, htr or cdx. If that fails, use the IIS 6.0 parsing vulnerability: 1.asp;1.jpg / 1.asp;.jpg / 1.asp;jpg / 1.asp;.xls

2. If a filtering system blocks even an image trojan from being uploaded, open the image trojan in Notepad and add gif89a at the front of the code to get past the filter.

3. Upload the image trojan, copy its address into the database backup function, and back it up as an asp trojan. If that does not succeed, try to break through with the IIS 6.0 parsing vulnerability.

4. Upload the image trojan and capture the request with a packet capture tool. In Mingxiaozi's comprehensive upload function, fill the upload address and cookies into the corresponding boxes and click Upload.

5. When the admin backend has a database backup function but no upload point, insert the one-sentence trojan anywhere, back it up as an asp trojan through the database backup, and then connect to the trojan with the one-sentence client.

6. In the admin backend, click Modify Password and set the new password to: 1 ″: eval request ("h") '. After the setting succeeds, connect to asp/config.asp to get the shell.

7. When the page prompts "The upload format is incorrect [Re upload]", it indicates that there is an upload vulnerability. Copy the address and upload through Mingxiaozi. Generally, you can get the shell directly.

8. When the admin backend has no database backup but does have database recovery, do not hesitate: database recovery works the same way as database backup and can be used directly.

9. If you know that the website's database is asp, you can go straight to the message board on the front end, insert a one-sentence trojan there, and connect to the configuration file inc/config.asp to get the shell.

10. When the website's front end offers "member registration", register an account and check whether there is an upload point. If there is, upload the asp trojan directly and use the IIS 6.0 parsing vulnerability. If not, capture the request and upload it with Mingxiaozi.

11. Upload an .ashx file first (search the notes for the method). Visiting it generates a one-sentence trojan file. This can be used with admin backend uploads, editor uploads, and upload vulnerability pages.

12. When the page prompts that only jpg | gif | png and other such formats can be uploaded, right-click to view the page source, modify a local copy to asp | asa | php, and then upload from the local copy to get the shell.

13. When the AD injection point detection reports SA or DB permissions, try listing directories to find the physical path of the website, and then click cmd/Upload to upload the asp trojan directly. Otherwise, get the shell through differential backup.

14. For some upload pages with upload vulnerabilities, as well as upload pages found in the admin backend, you can try the local dual-file upload bypass: the first file is a jpg, the second is a cer. Firefox is recommended.
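
Read from the defending side, items 1, 2, 12 and 14 each describe a check that has to happen on the server. The following Python validator is an added example, not code from the original article; the function names, the body-marker heuristic and the path-separator check are assumptions made for illustration.

```python
import os
import re

# Script extensions named in items 1 and 11 of the list above.
SCRIPT_EXTS = {"asp", "asa", "jsp", "cer", "php", "aspx", "htr", "cdx", "ashx"}
ALLOWED_EXTS = {"jpg", "gif", "png"}  # the allow-list quoted in item 12
IMAGE_MAGIC = {"gif": (b"GIF87a", b"GIF89a"), "jpg": (b"\xff\xd8\xff",),
               "png": (b"\x89PNG\r\n\x1a\n",)}
# Assumed heuristic: byte sequences that open server-side script blocks.
SCRIPT_MARKERS = re.compile(rb"<%|<\?php|<script[^>]*runat", re.I)


def check_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons to reject one uploaded file (empty list = accept)."""
    reasons = []
    name = filename.replace("\\", "/")
    # Item 1: IIS 6.0 ignores what follows ';', so 1.asp;1.jpg is run as ASP.
    if ";" in name:
        reasons.append("semicolon in name")
    # Added hygiene check: an upload name must be a bare file name.
    segments = name.split("/")
    if len(segments) > 1:
        reasons.append("path separator in name")
    # Look at every dotted component, not only the final extension.
    parts = [p.strip().lower() for s in segments for p in re.split(r"[.;]", s)[1:]]
    if any(p in SCRIPT_EXTS for p in parts):
        reasons.append("script extension in name")
    ext = os.path.splitext(segments[-1])[1].lstrip(".").lower()
    if ext not in ALLOWED_EXTS:
        reasons.append("extension not allow-listed")
    elif not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("magic bytes do not match extension")
    # Item 2: a gif89a prefix passes a magic-byte check, so scan the body too.
    if SCRIPT_MARKERS.search(data):
        reasons.append("script marker in body")
    return reasons


def check_request(files: list[tuple[str, bytes]]) -> dict[str, list[str]]:
    """Item 14: validate every file in the request, not only the first one.

    Item 12 is covered by running this on the server at all: the extension
    list in the page source is under the client's control.
    """
    return {fn: r for fn, body in files if (r := check_upload(fn, body))}
```

The body scan is a heuristic and can flag genuine images that happen to contain those bytes. Re-encoding accepted images and storing them under server-generated names in a directory where scripts do not execute are stronger controls.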

Original article. When reprinting, please credit: reprinted from Seven Travelers Blog

Permanent link to this article: https://www.qxzxp.com/3761.html
