On iis a few vbs scripts in the permeate in the applied section-Vulnerability warning-the black bar safety net

2010-05-03T00:00:00
ID MYHACK58:62201026832
Type myhack58
Reporter 佚名
Modified 2010-05-03T00:00:00

Description

  1. Query IIS for all sites

C:\WINDOWS\system32>cscript.exe iisweb. vbs /query Microsoft (R) Windows Script Host Version 5.6 Copyright(C) Microsoft Corporation 1996-2001。 ALL RIGHTS RESERVED.

Are connecting to the server ...has been completed. Site Name (Metabase Path) Status IP Port Host

============================================================================== The default Web site (W3SVC/1) STARTED ALL 8 0 N/A

  1. Query the specified website of the virtual directory

C:\WINDOWS\system32>cscript.exe iisvdir. vbs /query w3svc/1/root Microsoft (R) Windows Script Host Version 5.6 Copyright(C) Microsoft Corporation 1996-2001。 ALL RIGHTS RESERVED.

Are connecting to the server ...has been completed. Alias Physical Root ============================================================================== /help D:\web\help /rzzx D:\rzzx

  1. To view the designated website of the path

C:\Inetpub\AdminScripts>cscript adsutil. vbs get /W3SVC/1/root/path Microsoft (R) Windows Script Host Version 5.6 Copyright(C) Microsoft Corporation 1996-2001。 ALL RIGHTS RESERVED.

path : (STRING) “D:\web”

  1. Create a virtual directory and WEBDAV

That is, today, the problems encountered,because the target of the WEB directory are in Chinese,I used this ORACLE injection tool for Chinese support is not very good,has been unable to pass up a word,then go ask a friend,only think of one idea,is to create a virtual directory,set the execution of the script,read,write,directory permissions,and then the word spread to establish virtual directory,you can.