Windows 2003 Enterprise Edition IIS6. Research on vulnerability of ASP directory implementation

The day before I wrote this article, I found a bigger loophole in IIS6, it made me happy for 24 hours. Unfortunately, the loophole was manually configured by me. The implementation method is to change the ASP suffix to jpg suffix, copy jpg to the IIS publishing directory, and find that the ASP code in JPG will execute correctly. See how I configured the error, this method can also be used to configure the back door.
Windows 2003 Enterprise Edition is Microsoft's new operating system. Windows 2003 IIS6 An error processing the folder extension, resulting in a JPG image placed in the directory that automatically executes the ASP code. When the jpg suffix file contains ASP code will be executed. Of course it's not just a jpg suffix.

IIS6 in the processing of URLs containing special symbols will be masked, the default does not support ASP script operation, relative WIN2000 to be more secure. After several days of efforts to find a new. asp suffix folder, the ASP Trojan file in this folder, ASP files can be used jpg suffix. Does not affect the ASP code running in JPG.

Windows IIS5 handles JPG images that contain HTML and ASP code that only executes HTML code and does not execute the ASP code in a JPG picture. So there is no such vulnerability in Windows IIS5. This vulnerability is clearly caused by the file name at the end of the. asp, which belongs to the IIS6 design flaw.

The steps to manually enable ASP scripting are as follows: Click Internet Information Services (IIS) Manager Àweb service Extensions by enabling Active Server Pages to enable your server to run ASP scripts.

Welcome more friends to communicate with me, thank Haiyang top of the network to write ASP Trojan Horse.

If you copy Microsoft this flaw, please keep the discovery author related content ... thank you! Originally this article authorized hacker x file release, but found that many people modify the original author to become someone else's work.