ProtWare HTML Guardian 6.x – Encryption

ProtWare HTML Guardian 6.x – Encryption

漏洞ID 1053775 漏洞类型
发布时间 2003-03-21 更新时间 2003-03-21
图片[1]-ProtWare HTML Guardian 6.x – Encryption-安全小百科CVE编号 N/A
图片[2]-ProtWare HTML Guardian 6.x – Encryption-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22410
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7169/info

A weakness has been reported in the encryption scheme used by ProtWare HTML Guardian. Specifically, the encryption scheme implemented obfuscates data using a simple bit shifting technique, making it trivial for attackers to reverse. 

Administrators may be relying on a false sense of security by implementing the protection supplied by HTML Guardian.

Although it has not been confirmed, it is possible that this issue affects the latest release of HTML Guardian. Earlier versions may also be affected.

#!/usr/bin/perl
#
# Written by rain_song
#
# input file should only contain the main "encrypted" string, which is the 2nd
# javascript variable in the HTML source code.
#

if( $#ARGV != 0 )
{
	print "nWritten by rain_song";
	print "nUsage: $0 input_filen";
	print "tinput_file should only contain 2nd JS variable of HTML page (itn";
	print "t  is the biggest variable)nn";
	exit( 0 );
}

open( INPUT, "<$ARGV[0]" ) or die;

$encrypted = <INPUT>;
close( INPUT );
$length = length($encrypted);

$string1 = substr( $encrypted, 0, $length/2 );
$string2 = substr( $encrypted, $length/2, $length-1 );

$i = 0;
while( $i < length($string1) )
{
	$decrypted .= substr( $string1, $i, 1 ) . substr( $string2, $i, 1 );
	$i++;
}

$decrypted =~ s/\/@@/g;
$decrypted =~ s/'/`/g;
$decrypted =~ s/qg/rn/g;

print $decrypted;

相关推荐: Turbo Linux xhost Vulnerability

Turbo Linux xhost Vulnerability 漏洞ID 1104992 漏洞类型 Configuration Error 发布时间 1998-05-01 更新时间 1998-05-01 CVE编号 N/A CNNVD-ID N/A 漏洞平台 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享