A few days ago when I wrote this article, I discovered a larger vulnerability in IIS6, which made me happy for a full 24 hours. Unfortunately, the vulnerability was manually configured. The implementation method is to change the ASP dropout to JPG dropout, copy the JPG to the IIS release directory, and find that the ASP code in the JPG will be executed correctly. It depends on how I configured the error. This method can also be used to configure the backdoor.
Windows 2003 Enterprise Edition is a newly launched operating system by Microsoft. Windows 2003 IIS6 error occurred while processing folder extensions, causing the JPG picture placed in this directory to automatically execute the ASP code in it. When the JPG file contains ASP code, it will be executed. Of course it's not just JPG.
When processing URLs containing special symbols, IIS6 will be blocked. It does not support ASP scripts by default, and it is safer than WIN2000. After several days of hard work, it is found that a new .asp drop-out folder is created, and the asp * file is placed in this folder. The asp file can be used as JPG drop-out. It does not affect the operation of ASP code in JPG.
If Windows 2000 IIS5 processes JPG pictures with Html and ASP code, it will only execute the Html code, and will not execute the ASP code in the JPG pictures. Therefore, this vulnerability does not exist in Windows 2000 IIS5. This vulnerability is obviously caused by the file name ending at .asp, which is an IIS6 design flaw.
The steps to manually enable ASP scripts are as follows: Click Internet Information Services (IIS) Manager à WEB Service Extension à Enable Active Server Pages After enabling it, your server can run ASP scripts.
More friends are welcome to communicate with me, thank you for the asp * written by Haiyang Top Network.
If you copy this defect of Microsoft, please keep the content related to discovering the author... Thank you! Originally, this article was authorized to be published by hackers X files, but I found that many people modify the original author and turned it into someone else's work. Damn~
Windows 2003 Enterprise Edition is a newly launched operating system by Microsoft. Windows 2003 IIS6 error occurred while processing folder extensions, causing the JPG picture placed in this directory to automatically execute the ASP code in it. When the JPG file contains ASP code, it will be executed. Of course it's not just JPG.
When processing URLs containing special symbols, IIS6 will be blocked. It does not support ASP scripts by default, and it is safer than WIN2000. After several days of hard work, it is found that a new .asp drop-out folder is created, and the asp * file is placed in this folder. The asp file can be used as JPG drop-out. It does not affect the operation of ASP code in JPG.
If Windows 2000 IIS5 processes JPG pictures with Html and ASP code, it will only execute the Html code, and will not execute the ASP code in the JPG pictures. Therefore, this vulnerability does not exist in Windows 2000 IIS5. This vulnerability is obviously caused by the file name ending at .asp, which is an IIS6 design flaw.
The steps to manually enable ASP scripts are as follows: Click Internet Information Services (IIS) Manager à WEB Service Extension à Enable Active Server Pages After enabling it, your server can run ASP scripts.
More friends are welcome to communicate with me, thank you for the asp * written by Haiyang Top Network.
If you copy this defect of Microsoft, please keep the content related to discovering the author... Thank you! Originally, this article was authorized to be published by hackers X files, but I found that many people modify the original author and turned it into someone else's work. Damn~