猜解默认数据库和 conn.asp 暴库的 NASL 脚本

猜解默认数据库和 conn.asp 暴库的 NASL 脚本 - 网站

来源：自学PHP网时间：2015-04-17 15:08 作者：阅读:次

[导读] 呵呵，脚本语言发挥起来也是很强大的。：）Code:include("http_func.inc");include("http_keepalive.inc");dir = make_list("/data/database.mdb", "/data/data.mdb", "/data/date.mdb", "/data/bbs.mdb", "/data/dvbbs7.mdb", "/data...

呵呵，脚本语言发挥起来也是很强大的。：）

Code:
include("http_func.inc");
include("http_keepalive.inc");
dir = make_list("/data/database.mdb", "/data/data.mdb", "/data/date.mdb", "/data/bbs.mdb", "/data/dvbbs7.mdb", "/data.mdb", "/database.mdb");
#display(dir);
foreach path (dir)
{
if (port = is_cgi_installed(path))
{
#display(path);
report = " Under the cgi path " + path + " found database! Your database is possiblly to be download! ";
solution = "Solution : you d better rename the database name, or move the database to other cgis ";
Risk_factor = "Risk factor: High ";
report = report + solution + Risk_factor;
security_hole(data:string(report), port:port);

}

}

# conn.asp

port = get_http_port(default:80);
if(!get_port_state(port))exit(0);

dirs = make_list("/conn.inc", "/conn.asp", "/connection.asp", "/inc/conn.inc", "/inc/conn.asp", "/inc/connection.asp");

foreach paths (dirs)
{
req = http_get(item:paths, port:port);
r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
if (r == NULL) exit(0);
if (egrep(pattern:"80004005", string:r))
{
     info = ereg_replace(pattern:.*([^0-9]:.*).*, string:r, replace:\1);
     report = The path + info + maybe is the database physical path! Your databae is possiblly to be download! ;
     Solution = Solution : Please modify the conn.asp file add ON ERROR RESUME NEXT statement. + Risk factor : Medium ;
     report = report + Solution;
     security_hole(data:report, port:port);
     display(" ");

}
}
代码非常短。

.NET中防止Access数据库下载 - 网站安全 - 自学php

利用McAfee对网站脚本权限维护 - 网站安全 - 自学

子栏目

猜解默认数据库和 conn.asp 暴库的 NASL 脚本 - 网站

最新评论

添加评论

更多文章推荐

添加评论