Windows 2 0 0 3 Enterprise Edition and IIS6 . ASP directory to perform defect-vulnerability warning-the black bar safety net

ID MYHACK58:62200714278
Type myhack58
Reporter 佚名
Modified 2007-02-27T00:00:00


Writing this article a few days ago I found a IIS6 greater vulnerability,to make me happy for a whole 2 to 4 hours. It is a pity that vulnerability is my manual configuration. Method to achieve is the ASP drop out instead of JPG drop out,the JPG is copied to IIS publish directory,find JPG in the ASP code will execute correctly. See how I configured the error, this method can also be used to configure the back door.

Windows 2 0 0 3 Enterprise Edition is Microsoft a newoperating system. Windows 2 0 0 3 IIS6 processing folder extension of the time of the error, the result placed in the directory of JPG images will automatically execute the ASP code. When the JPG drop out of the file containing the ASP code will be executed. Of course, not just JPG drop out.

IIS6 in the treatment containing a special symbol of URL will be masked by default does not support ASP script to run,relative to the WIN2000 to safety. After a few days of effort to find a new one. asp drop out of the folder, the asp Trojan file in the folder, the asp file can use the JPG drop out of. Does not affect the JPG in the ASP code to run.

Windows 2 0 0 0 IIS5 process JPG images as contains the Html and ASP code that will only execute the Html code, and does not perform the JPG in the ASP code. So Windows 2 0 0 0 IIS5 does not have this vulnerability. This vulnerability is clearly made. asp at the end of the file name for the lead, belonging to the IIS6 design defects.

Manually enable the ASP script as follows:click Internet Information Services(IIS)Manager àWEB services à enable Active Server Pages after you've enabled your server can run ASP scripts.

Welcome more friends to communicate with me, thank Haiyang top network Write of the asp Trojan.