myhack58 | Anonymous | MYHACK58:62200713866
Jan 20, 2007 - 12:00 a.m.

Network Security Knowledge Series: A Collection of CGI Vulnerabilities (Part 2) - Vulnerability Warning - Black Bar Safety Net

2007-01-20 00:00:00
Anonymous
www.myhack58.com

42. exprcalc.cfm

● Type: attack

● Risk level: low

● Description: If the Web directory contains the following files:

/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm

then an intruder may be able to use them to read every file on the system.

● Workaround: Delete or remove exprcalc.cfm from the Web directory.

43. displayopenedfile.cfm

● Type: attack

● Risk level: low

● Description: If the Web directory contains the following files:

/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm

then an intruder may be able to use them to read every file on the system.

● Workaround: Delete or remove displayopenedfile.cfm from the Web directory.

44. sendmail.cfm

● Type: attack

● Risk level: medium

● Description: Delete or remove openfile.cfm from the Web directory. The Whois.cgi scripts found on several Web servers have an overflow vulnerability. They include:

Whois Internic Lookup - Version: 1.02
CC Whois - Version: 1.0
Matt's Whois - Version: 1

They allow an intruder to execute arbitrary code on the system with the privileges of the user account that runs httpd. If the Web directory contains the following files:

/cfdocs/expeval/exprcalc.cfm
/cfdocs/expeval/sendmail.cfm
/cfdocs/expeval/eval.cfm
/cfdocs/expeval/openfile.cfm
/cfdocs/expeval/displayopenedfile.cfm
/cfdocs/exampleapp/email/getfile.cfm
/cfdocs/exampleapp/publish/admin/addcontent.cfm

then an intruder may be able to use them to read every file on the system.

● Workaround: Delete or remove sendmail.cfm from the Web directory.

45. codebrws.asp

● Type: attack

● Risk level: medium

● Description: If you run Windows NT with IIS as your Web server, an intruder can use this ASP page to view every file on the system that the user account running the HTTP service has permission to read.

Patches are available at the following addresses:

Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp

● Workaround: Delete or remove codebrws.asp from the Web directory.

46. codebrws.asp_1

● Type: information

● Risk level: medium

● Description: The file codebrws.asp exists under /iissamples/exair/howitworks/. With the following path:

http://www.xxx.com/iissamples/exair/howitworks/codebrws.asp?source=/index.asp

you can view the source code of index.asp. Virtually any ASCII file can be browsed.

● Workaround: Delete or remove codebrws.asp from the Web directory.

Patches are available at the following addresses:

Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp


47. showcode.asp_1

● Type: attack

● Risk level: medium

● Description: The file showcode.asp exists under the /msads/Samples/SELECTOR/ directory. With the following path:

http://www.xxx.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/…/…/…/…/…/boot.ini

you can view the contents of boot.ini. In fact, an intruder can use this ASP page to view every file on the system that the user account running the HTTP service has permission to read.

● Recommendation: Prohibit anonymous access to the /msads directory.

● Workaround: Delete or remove showcode.asp from the Web directory.

Patches are available at the following addresses:

Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp


48. /msadc directory can be accessed

● Type: attack

● Risk level: medium

● Description: On a Windows NT IIS server, an accessible /msadc directory causes a series of security problems, including intruders illegally invoking applications.

● Recommendation: Remove the unnecessary directories created by the default IIS installation.

● Solution: Disable the /msadc directory. If the directory has to stay open, at least require legitimate users to supply a password to access it.

49. search97.vts

● Type: attack

● Risk level: medium

● Description: This file lets an intruder read any file on the system that the user account running httpd can read.

● Workaround: Delete or remove search97.vts from the Web directory, or download the patch from the following address:

https://customers.verity.com/products/server/310/patches/


50. carbo.dll

● Type: attack

● Risk level: low

● Description: If iCat Suite version 3.0 is installed on the system, it automatically adds a file named carbo.dll to the system, and an intruder can use this file to access files on the system.

● Workaround: Delete or remove openfile.cfm from the Web directory.

51. whois_raw.cgi

● Type: attack

● Risk level: low

● Description: Because of a mistake by the author of whois_raw.cgi, this CGI lets an intruder run any program on the system with the privileges of the user account that runs httpd.

● Solution: Delete or remove whois_raw.cgi from the Web directory.

52. doc

● Type: attack

● Risk level: low

● Description: The files in a Web directory can be listed, which helps an intruder analyze system information.

● Solution: Configure every Web directory so that its files cannot be listed.

53. .html/…/config.sys

● Type: attack

● Risk level: low

● Description: If you are using an older version of ICQ, an intruder can use it to read every file on the machine.

● Recommendation: Download the new version of ICQ.

● Solution: Download the new version of ICQ.

54. …/

● Type: attack

● Risk level: medium

● Description: The Web server software in use lets an intruder read every file on the system.

● Solution: Replace or upgrade the Web server software.

55. no-such-file.pl

● Type: attack

● Risk level: low

● Description: Because of a defect in the Web server software, an intruder can request a non-existent CGI script to analyze your site's directory structure.

● Workaround: Upgrade the Web server software.

56. _vti_bin/shtml.dll

● Type: attack

● Risk level: low

● Description: An intruder can use this file to drive the system's CPU usage to 100 per cent.

● Resolution: Delete or remove _vti_bin/shtml.dll from the Web directory.

57. nph-publish

● Type: information

● Risk level: medium

● Description: The file nph-publish exists under the /cgi-bin directory, which lets an intruder browse any file on the server over the Web.

● Recommendation: Review the /cgi-bin directory and delete unnecessary CGI programs.

● Workaround: Delete the nph-publish file.

58. showcode.asp

● Type: information

● Risk level: medium

● Description: The showcode.asp file reachable as /msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/SELECTOR/ can be used by intruders to view the contents of files on the server.

● Recommendation: It is best to prohibit anonymous access to the /msadc Web directory; deleting this Web directory is suggested.

● Workaround: Delete the showcode.asp file.

59. _vti_inf.html

● Type: information

● Risk level: medium

● Description: The file _vti_inf.html exists in the Web root directory. This file is a feature of FrontPage Extension Server and contains a series of important information about FrontPage Extension Server. FrontPage Extension Server is one of the Web services with many vulnerabilities, and an intruder may use it to modify the home page file directly.

● Advice: Use FTP or other methods to upload Web page files.

● Solution: Uninstall FrontPage Extension Server.

60. index.asp::$DATA

● Type: information

● Risk level: medium

● Description: The source code of an ASP program can be viewed by appending ::$DATA to the file name, so an intruder can try to find database passwords and other important information on the server.

● Recommendation: Watch for Microsoft's latest codeview patches and security bulletins.

● Solution: Install Service Pack 6 or apply the patch:

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix/


61. main.asp%81

● Type: attack

● Risk level: low

● Description: The source code of an ASP program can be viewed by appending %81 to the file name, so an intruder can try to find database passwords and other important information on the server.

● Recommendation: Watch for Microsoft's latest codeview patches and security bulletins.

● Solution: Install Service Pack 6 or apply the patch:

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix/


62. showcode.asp_2

● Type: information

● Risk level: medium

● Description: The file showcode.asp exists under the /msadc/Samples/SELECTOR/ directory. With the following path:

http://www.xxx.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/…/…/…/…/…/boot.ini

you can view the contents of boot.ini. In fact, an intruder can use this ASP page to view every file on the system that the user account running the HTTP service has permission to read.

● Recommendation: Prohibit anonymous access to the /msadc directory.

● Workaround: Delete or remove showcode.asp from the Web directory.

Patches are available at the following addresses:

Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp


63. ism.dll

● Type: attack

● Risk level: high

● Description: The file ism.dll exists under the /scripts/iisadmin/ directory. This file has an overflow error that allows an intruder to execute arbitrary code on the server. In addition, the attacker can make the server's WWW service crash at any time.

● Recommendation: Disable anonymous access to the /scripts directory.

● Solution: Delete /scripts/iisadmin/ism.dll, or open the IIS Management Console, select Default Web Site, right-click and choose [Properties], click "Home Directory", click the "Configure" button on the starting point line, and delete the ".htr" application mapping entry.

64. codebrws.asp_2

● Type: information

● Risk level: medium

● Description: The file codebrws.asp exists under /iissamples/sdk/asp/docs/. With the following path:

http://www.xxx.com/iissamples/exair/howitworks/codebrws.asp?source=/index.asp

you can view the source code of index.asp. Virtually any ASCII file can be browsed.

● Recommendation: Delete the Web directory named /iissamples/.

● Solution: Delete or remove codebrws.asp from the Web directory.

Patches are available at the following addresses:

Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp


65. uploadn.asp

● Type: attack

● Risk level: high

● Description: The uploadn.asp program exists under the /scripts/tools directory. An intruder who has any usable account, even the Guest account, can upload any file to the Web directory. Besides replacing the home page, the intruder can go on to take control of the entire system.

● Recommendation: Delete the Web directory named /scripts.

● Workaround: Delete the uploadn.asp file.

66. uploadx.asp

● Type: attack

● Risk level: high

● Description: The uploadx.asp program exists under the /scripts/tools directory. An intruder who has any usable account, even the Guest account, can upload any file to the Web directory. Besides replacing the home page, the intruder can go on to take control of the entire system.

● Recommendation: Delete the Web directory named /scripts.

● Workaround: Delete the uploadx.asp file.

67. query.asp

● Type: attack

● Risk level: low

● Description: The file query.asp exists in the /IISSAMPLES/ExAir/Search/ directory. This file has a vulnerability; if an attacker exploits it, CPU usage reaches 100% and the machine becomes significantly slower.

● Recommendation: Prohibit access to the /iissamples directory.

● Workaround: Delete the query.asp file.

68. advsearch.asp

● Type: attack

● Risk level: low

● Description: The file query.asp exists in the /IISSAMPLES/ExAir/Search/ directory. This file has a vulnerability; if an attacker exploits it, CPU usage reaches 100% and the machine becomes significantly slower.

● Recommendation: Prohibit access to the /iissamples directory.

● Workaround: Delete the advsearch.asp file.

69. search.asp

● Type: attack

● Risk level: low

● Description: The file search.asp exists in the /IISSAMPLES/ExAir/Search/ directory. This file has a vulnerability; if an attacker exploits it, CPU usage reaches 100% and the machine becomes significantly slower.

● Recommendation: Prohibit access to the /iissamples directory.

● Solution: Delete the search.asp file.

70. getdrvrs.exe

● Type: attack

● Risk level: medium

● Description: The getdrvrs.exe file under the /scripts/tools directory allows any user to create any file in the Web root directory and to create ODBC data sources.

● Recommendation: Prohibit anonymous access to the /scripts/tools directory.

● Workaround: Delete the getdrvrs.exe file.

71. newdsn.exe

● Type: attack

● Risk level: medium

● Description: The newdsn.exe file under the /scripts/tools directory allows any user to create any file in the Web root directory, such as:

http://xxx.xxx.xxx.xxx/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Evil2+samples+from+microsoft&dbq=…%2F…%2Fwwwroot%2Fevil2.htm&newdb=CREATE_DB&attr=

● Recommendation: Prohibit anonymous access to the /scripts/tools directory.

● Workaround: Delete the newdsn.exe file.

72. showcode.asp_3

● Type: information

● Risk level: medium

● Description: The file code.asp exists in /iissamples/exair/howitworks/. Using this file, an intruder can view the contents of any ASCII file on the server's hard disk and display the source code of ASP program files.

● Recommendation: Prohibit anonymous access to the /iissamples Web directory.

● Workaround: Delete the showcode.asp file.

73. aexp.htr

● Type: attack

● Risk level: medium

● Description: The file aexp.htr exists in the /iisadmpwd directory, along with the similar aexp2.htr, aexp3.htr, aexp4b.htr and others. These files allow an attacker to use brute force and other methods to crack and modify NT users' passwords.

● Recommendation: Disable access to the /iisadmpwd directory.

● Workaround: Delete the aexp.htr file.

74. aexp2.htr

● Type: attack

● Risk level: medium

● Description: The file aexp2.htr exists in the /iisadmpwd directory, along with the similar aexp2.htr, aexp3.htr, aexp4b.htr and others. These files allow an attacker to use brute force and other methods to crack and modify Windows NT users' passwords.

● Recommendation: Disable access to the /iisadmpwd directory.

● Workaround: Delete the aexp2.htr file.

75. aexp3.htr

● Type: attack

● Risk level: medium

● Description: The file aexp3.htr exists in the /iisadmpwd directory, along with the similar aexp2.htr, aexp3.htr, aexp4b.htr and others. These files allow an attacker to use brute force and other methods to crack and modify Windows NT users' passwords.

● Recommendation: Disable access to the /iisadmpwd directory.

● Workaround: Delete the aexp3.htr file.

76. aexp4b.htr

● Type: attack

● Risk level: medium

● Description: The file aexp4b.htr exists in the /iisadmpwd directory, along with the similar aexp2.htr, aexp3.htr, aexp4b.htr and others. These files allow an attacker to use brute force and other methods to crack and modify Windows NT users' passwords.

● Recommendation: Disable access to the /iisadmpwd directory.

● Workaround: Delete the aexp4b.htr file.

77. achg.htr

● Type: attack

● Risk level: medium

● Description: The file aechg.htr exists in the /iisadmpwd directory, along with the similar aexp2.htr, aexp3.htr, aexp4b.htr and others. These files allow an attacker to use brute force and other methods to crack and modify Windows NT users' passwords.

● Recommendation: Disable access to the /iisadmpwd directory.

● Workaround: Delete the achg.htr file.

78. ExprCale.cfm

● Type: attack

● Risk level: medium

● Description: The ColdFusion Web directory contains the file /cfdocs/expeval/ExprCalc.cfm. This file has a vulnerability that allows a user to read any file on the server's hard disk, including the SAM file, the database of user passwords.

● Recommendation: Delete the associated files.

● Workaround: Delete the ExprCalc.cfm file.

79. getfile.cfm

● Type: attack

● Risk level: medium

● Description: The ColdFusion Web directory contains the file /getfile.cfm. This file has a vulnerability that allows a user to read any file on the server's hard disk, including the SAM file, the database of user passwords.

● Solution: Delete the getfile.cfm file.

80. x.htw

● Type: information

● Risk level: medium

● Description: IIS 4.0 has an application mapping htw -> webhits.dll, which is used for the Index Server click function. Even when Index Server is not running, the mapping is still valid. This application mapping is vulnerable and allows intruders to read local files on the hard disk, database files and ASP source code.

● Recommendation: Remove unneeded application mappings in the IIS console.

81. qfullhit.htw

● Type: information

● Risk level: medium

● Description: IIS 4.0 has an application mapping htw -> webhits.dll, which is used for the Index Server click function. Even when Index Server is not running, the mapping is still valid. This application mapping is vulnerable and allows intruders to read local files on the hard disk, database files and ASP source code.

● Recommendation: Remove unneeded application mappings in the IIS console.

82. iirturnh.htw

● Type: information

● Risk level: medium

● Description: IIS 4.0 has an application mapping htw -> webhits.dll, which is used for the Index Server click function. Even when Index Server is not running, the mapping is still valid. This application mapping is vulnerable and allows intruders to read local files on the hard disk, database files and ASP source code.

● Recommendation: Remove unneeded application mappings in the IIS console.
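
Most of the workarounds in this list come down to removing a leftover sample or admin file from the Web directory. The Python script below is an added example, not part of the original article: it walks a local copy of a web root and reports files whose path, name or parent directory is named in the entries above. The function names and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

# Exact paths (relative to the web root) named in the entries above.
RISKY_PATHS = {
    "cfdocs/expeval/exprcalc.cfm", "cfdocs/expeval/sendmail.cfm",
    "cfdocs/expeval/eval.cfm", "cfdocs/expeval/openfile.cfm",
    "cfdocs/expeval/displayopenedfile.cfm",
    "cfdocs/exampleapp/email/getfile.cfm",
    "cfdocs/exampleapp/publish/admin/addcontent.cfm",
    "scripts/iisadmin/ism.dll", "_vti_bin/shtml.dll", "_vti_inf.html",
}
# Distinctive file names from the article, flagged wherever they turn up.
RISKY_NAMES = {
    "codebrws.asp", "showcode.asp", "search97.vts", "carbo.dll",
    "whois_raw.cgi", "nph-publish", "uploadn.asp", "uploadx.asp",
    "getdrvrs.exe", "newdsn.exe",
}
# Directories the article recommends removing or closing to anonymous access.
RISKY_DIRS = ("msadc", "iissamples", "scripts/tools", "iisadmpwd")


def audit_webroot(webroot):
    """Return {relative_path: [reasons]} for files the article says to remove."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        prefix = "" if rel_dir == "." else rel_dir + "/"
        for name in filenames:
            rel = prefix + name
            key = rel.lower()  # IIS on NTFS serves paths case-insensitively
            reasons = []
            if key in RISKY_PATHS:
                reasons.append("listed path")
            if name.lower() in RISKY_NAMES:
                reasons.append("listed name")
            if any(key.startswith(d + "/") for d in RISKY_DIRS):
                reasons.append("listed directory")
            if reasons:
                findings[rel] = reasons
    return findings


def demo():
    """Audit a constructed sample tree (not taken from any real server)."""
    sample = [
        "index.asp",                                 # ordinary content
        "IISSamples/ExAir/HowItWorks/CodeBrws.asp",  # mixed-case sample file
        "cfdocs/expeval/exprcalc.cfm",
        "scripts/tools/readme.txt",                  # flagged by directory only
        "_vti_inf.html",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return audit_webroot(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(f"{path}: {', '.join(reasons)}")
```

Entries such as ::$DATA, %81 and the .htw mapping describe request handling rather than files on disk, so a file-system audit like this does not cover them.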