服务器维护,服务器代维,安全设置,漏洞扫描,入侵检测服务

dirtysea 发表于 2008-11-9 02:20:25

Oblog4.6拿webshell

前段时间BLOG的漏洞暴涨。所以我今天也做个BLOG拿webshell的教程。<BR>用工具直接暴账号密码。工具等会会附带上的。<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_dcca01e5174f0ab.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_dcca01e5174f0ab.jpg" onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0> <BR>显然密码是:admin888<BR>后台地址:admin/admin_login.asp<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_26c58b8e70f4a88.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_26c58b8e70f4a88.jpg" width=700 onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0> <BR>和4.5基本一样。呵呵。下面大家看清楚怎么拿webshell。<BR>打开-网站信息配置-广告目录 然后把目录改成GG.asp 也就是加个.asp<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_6234c7e834ee171.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_6234c7e834ee171.jpg" onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0> <BR>然后进入:群组页面广告管理 在里面加入一句话。<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_46b9a256702b786.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_46b9a256702b786.jpg" onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0> <BR>做完这些我们就拿出一哭话客户端来连接了。<BR>注意一下连接地址是:<A href="http://www.tianjiaowenxue.cn/blog/GG.asp/gg_teamtop.htm" target=_blank><FONT color=#2f5fa1>http://www.tianjiaowenxue.cn/blog/GG.asp/gg_teamtop.htm</FONT></A><BR>大家模仿着那来做就不会错!<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_24bd04a49ea8658.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_24bd04a49ea8658.jpg" onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0> <BR>这样就很容易拿下webshell了。<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_c962d79ef45eaef.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_c962d79ef45eaef.jpg" onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0> <BR>哎。又是一家遭殃啊!里面几十个站。<SPAN id=rlt_2 style="CURSOR: pointer; BORDER-BOTTOM: #fa891b 1px solid" &#111nclick="sendmsg('pw_ajax.php','action=relatetag&amp;tagname=权限',this.id)">权限</SPAN>都是可读可写。<BR><B></B><BR><IMG &#111nclick="if(this.width>=700) window.open('http://www.hxhack.com/bbs/attachment/19_65749_241f98b756640e1.jpg');" src="http://www.hxhack.com/bbs/attachment/19_65749_241f98b756640e1.jpg" width=700 onload="if(this.width>'700')this.width='700';if(this.height>'700')this.height='700';" border=0>
<P>&nbsp;</P>

新疆人胡胡 发表于 2006-6-15 23:10:28

re:Oblog4.6拿webshell

......................???我&gt;?????给个斑竹我就高兴的不行啦,谢谢
页: [1]
查看完整版本: Oblog4.6拿webshell