Research on vulnerability description and vulnerability of Shell.Application object
Source: Internet
Author: User
Environment: Successful in 2KSERVER+IIS5, permissions default IUSR permissions
IIS permissions: Script executable Description: On a 2K server, you can use the Server.CreateObject method to work with installed components by default.
For example, you know the ADO database control, but in addition to these specially provided components
There are also some components that are intended to be used by the system such as WSH,FSO they can also be used in the above method,
Of course now most of the ASP backdoor use them, so some network management to delete or change the registry of these two components of the CLSID value
To disable them and, of course, uninstall them directly in the Add-Remove Program in Control Panel.
But now the Shell.Application component I'm using is a server component that I thought was secure (or someone who didn't even know it),
It can be found by using Shell object in MSDN. This component is not related to WSH,FSO. What can we do with it?
We can browse directories, copy directories, move and get file sizes, and execute existing programs (Bat,exe,hta)
But you can't add parameters.
What permissions do we need to perform these:
1. We want to be able to upload ASP files to the script executable directory
2. The permissions on the hard disk on the server if the default everyone has Full Control
3. This component has not been deleted (crap)
Here is the example I wrote to call it shell backdoor bar, I think no loophole also want to calculate a new backdoor.
The physical path where the program resides:
"method=" POST ">
Enter the directory you want to browse
Copy
Move
Path:
Program:
Adam Posted in: 2002-08-03 12:01
Post: 2255
Registration: 1999-08-29
Should not calculate the loophole, want to know the filesystem object of that year also nobody said this is loophole ah.
I did not look at your code, it should be similar to filesystem object, so I do not think it is a loophole, but I will remind others
cacls%systemroot%\system32\shell32.dll/e/d Guests
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
