web server is very vulnerable, and the attack mode is diversified, many people do not know what the web server attack method is, so do not know how to start prevention web server Was attacked, so today this tutorial has organized some attack methods for everyone to understand.
1, SQL injection vulnerability intrusion
This is ASP+ACCESS website intrusion method, through the injection point to list the administrator's account and password information in the database, and then guess the website The background address, then log in with the account and password to find the file upload place, upload the ASP Trojan, get a website WEBSHELL.
2, the use of ASP upload vulnerability
This technical method is to use some of the site's ASP upload function to upload an ASP Trojan intrusion, many sites limit the upload file Types, generally ASP is not allowed to upload files, but this restriction can be broken by hackers, hackers can take the method of COOKIE spoofing to upload ASP Trojans, get the WEBSHELL permission of the website.
3, the background database backup method to obtain WEBSHELL
This is mainly to use the website background to backup and restore the database of the ACCESS database, backup database path and other variables are not filtered, so you can put any file The suffix is changed to ASP, then use the function of website upload to upload an ASP Trojan with a file name changed to JPG or GIF suffix, and then use this recovery library backup and recovery function to restore the Trojan to an ASP file, so as to obtain the WEBSHELL control of the website. The purpose of the permission.
4, the site side note invasion
This technology is through the IP binding domain name query function to find out how many websites on the server, and then through some weak sites to implement the invasion, get the permissions Then switch to other sites on the server.
5, sa injection point utilization of the intrusion technology
This is the ASP+MSSQL website intrusion method, find the SQL injection point with SA permissions, and then use the SQL database XP_CMDSHELL storage expansion To run the system command to create a system-level account, then log in through 3389, or open a listening port on a broiler with NC, and then use VBS to download an NC to the server, then run the NC reverse connection command. Let the server connect back to the remote broiler so that the remote broiler has a remote system administrator level of control.
A lot of people have tried Windows To Go and found that no matter how the U disk is formatted, the U
Author: Blocks Developers Marc Bevand in Hackernews made a short note, a brief explanation of why
Now in the computer, the equipment that is often used in the equipment will not be the camera, wheth
Many users have installed dual systems on their computers to meet their work and life needs. However
Several backup tools under Linux system competition
Prevent mail server poisoning firewall debut
How to ping Windows and VM without connecting the network cable
How to use RAR to make installer
Try to spit! The crazy behind system optimization
OSX Recovery FileVault2 Partition
Five strategies to clear hacker's cloned account
What should I do if the computer boots up to display client mac addr?
Prevent user password loss. Use U disk to generate password reset disk
Server 2003 optimization setting method
How to manually set the static IP of Win8 system? Manually setting Win8 system IP skills
Use Win8's own mail function to use third-party mailboxes
How to set the Win10 power saving mode
Linux Learning: Using File Finder
Win7 system open iQiyi watch video encounter crashes how to solve
G400, G500 cannot be turned on using Windows 8 system wireless