Windows 2003 Enterprise Edition IIS6. Research on vulnerability of ASP directory implementation

Source: Internet
Author: User
Tags iis
The day before I wrote this article, I found a bigger loophole in IIS6, it made me happy for 24 hours. Unfortunately, the loophole was manually configured by me. The implementation method is to change the ASP suffix to jpg suffix, copy jpg to the IIS publishing directory, and find that the ASP code in JPG will execute correctly. See how I configured the error, this method can also be used to configure the back door.
Windows 2003 Enterprise Edition is Microsoft's new operating system. Windows 2003 IIS6 An error processing the folder extension, resulting in a JPG image placed in the directory that automatically executes the ASP code. When the jpg suffix file contains ASP code will be executed. Of course it's not just a jpg suffix.

IIS6 in the processing of URLs containing special symbols will be masked, the default does not support ASP script operation, relative WIN2000 to be more secure. After several days of efforts to find a new. asp suffix folder, the ASP Trojan file in this folder, ASP files can be used jpg suffix. Does not affect the ASP code running in JPG.

Windows IIS5 handles JPG images that contain HTML and ASP code that only executes HTML code and does not execute the ASP code in a JPG picture. So there is no such vulnerability in Windows IIS5. This vulnerability is clearly caused by the file name at the end of the. asp, which belongs to the IIS6 design flaw.

The steps to manually enable ASP scripting are as follows: Click Internet Information Services (IIS) Manager Àweb service Extensions by enabling Active Server Pages to enable your server to run ASP scripts.

Welcome more friends to communicate with me, thank Haiyang top of the network to write ASP Trojan Horse.

If you copy Microsoft this flaw, please keep the discovery author related content ... thank you! Originally this article authorized hacker x file release, but found that many people modify the original author to become someone else's work.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.