Home > Cloud Computing > Cloud Security

Go through the smart innovation IIS Firewall

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

 

A few days ago, the RILL in the group asked me about how to bypass the IIS firewall and get the SHELL smoothly. Today, I occasionally encountered such a firewall and looked at it.

As follows:

 

The current webpage is temporarily inaccessible (blocking hard drive directory file filtering)

Cause of access failure:

The server administrator has enabled the hard disk directory file filtering Interception Function.

Solution

Contact the server administrator to query the firewall log file to view the details. If it is an error
Intercept. Check the configured interception rules or add this directory or file to the whitelist.

Bytes -------------------------------------------------------------------------------------

Technical Information (provided for server administrators)

If you want to customize the error page prompt information, modify the Server HTML template file.

Bytes -------------------------------------------------------------------------------------

Product Support Service

Professional firewall, Free Download trial http://www.zcnt.com

The above is the information returned by malicious code on the wall.

So which character or format does the firewall drop? This firewall is free of charge. You can continue to study it. For the sake of convenience, I tried the method and did not study it specially.

When the IIS parsing vulnerability is exploited, it is regarded as a malicious script and thus caused by the wall.

Let's see: how to avoid a wall.

If a file is replaced with a file, and the upload is truncated, the danger of being damaged by the wall can be bypassed.

Analysis: Maybe this is the reason for smart innovation, because it is a firewall designed only for IIS and not for files, so it bypasses the IIS folder, there may be some gains on the files in the directory. In fact, the IIS parsing vulnerability is also a truncation method. I do not know that this .asp;.swf should not be regarded as an IIS resolution vulnerability or be counted as a cut-off ....

From: zgg Space

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
iis web application firewall hbo go on lg smart tv 2017 go smart mobile customer service phone number go smart mobile customer service phone number hbo go app lg smart tv get hbo go on lg smart tv cujo smart internet security firewall review
Related Article
How does personal cloud security guarantee data security?
Model-driven cloud security-automating cloud security with cl...
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More