Microsoft IIS is parsing the file name“x. asp;x.jpg/x.php;x.jpg”vulnerability-vulnerability warning-the black bar safety net

2009-09-18T00:00:00
ID MYHACK58:62200924694
Type myhack58
Reporter 佚名
Modified 2009-09-18T00:00:00

Description

|

Microsoft IIS is parsing the file name“x. asp;x.jpg/x.php;x.jpg”vulnerability


When the file is named x. asp;x. jpg, Microsoft IIS will automatically to the asp format to be parsed. 而 当 文件 名为 x.php;x. jpg, Microsoft IIS will automatically in php format to be parsed.

So we just upload after x. asp;x. jpg such a form, you can perform our horses, tested, x.php;x. jpg is also possible to perform the