Environment: Successful in 2kserver+iis5, permission default iusr permission
iis permission: script executable Description: The default method can be used on a 2K server to use installed components.
For example, the ADO database controls that everyone knows, but in addition to these specially provided components,
There are also some components that were originally provided to the system for use, such as WSH and FSO, which can also be used in the above method.
Of course, most of the Asp backdoors now use them, so some network administrators delete or change the CLSID values of these two components in the registry.
To disable them, of course, some of them are uninstalled directly in the "Add and Remove Programs" in the "Control Panel".
But now the components I use are server components that I originally thought were secure (or some people don’t know about it at all).
It can be found in MSDN via shell object. This component has nothing to do with WSH and FSO. What can we do through it?
We can browse the directory, copy the directory, move it and get the file size, or execute existing programs (bat, exe, hta)
However, parameters cannot be added.
What permissions do we need to execute these:
1. We need to be able to upload ASP files to the script executable directory
2. If the permissions of the hard disk on the server are fully controlled by everyone
3. This component has not been deleted (exhaust to call)
Below is the example I wrote, just call it shell backdoor. I think it is a new backdoor even if it is not a loophole.
The physical path where the program is located:
" method="POST">
Enter the directory to browse
copy
move
Path:
program:
Adam Posted on: 2002-08-03 12:01
Posted: 2255
Registration: 1999-08-29
It should not be considered a vulnerability. You should know that no one said that the FileSystem Object was a vulnerability...
I haven't looked at your code carefully. It should be something similar to FileSystem Object, so I don't think it's a vulnerability, but I will remind others in the future
cacls %systemroot%\system32\ /e /d guests
iis permission: script executable Description: The default method can be used on a 2K server to use installed components.
For example, the ADO database controls that everyone knows, but in addition to these specially provided components,
There are also some components that were originally provided to the system for use, such as WSH and FSO, which can also be used in the above method.
Of course, most of the Asp backdoors now use them, so some network administrators delete or change the CLSID values of these two components in the registry.
To disable them, of course, some of them are uninstalled directly in the "Add and Remove Programs" in the "Control Panel".
But now the components I use are server components that I originally thought were secure (or some people don’t know about it at all).
It can be found in MSDN via shell object. This component has nothing to do with WSH and FSO. What can we do through it?
We can browse the directory, copy the directory, move it and get the file size, or execute existing programs (bat, exe, hta)
However, parameters cannot be added.
What permissions do we need to execute these:
1. We need to be able to upload ASP files to the script executable directory
2. If the permissions of the hard disk on the server are fully controlled by everyone
3. This component has not been deleted (exhaust to call)
Below is the example I wrote, just call it shell backdoor. I think it is a new backdoor even if it is not a loophole.
The physical path where the program is located:
" method="POST">
Enter the directory to browse
copy
move
Path:
program:
Adam Posted on: 2002-08-03 12:01
Posted: 2255
Registration: 1999-08-29
It should not be considered a vulnerability. You should know that no one said that the FileSystem Object was a vulnerability...
I haven't looked at your code carefully. It should be something similar to FileSystem Object, so I don't think it's a vulnerability, but I will remind others in the future
cacls %systemroot%\system32\ /e /d guests