Environment: tested successfully on Windows 2000 Server + IIS 5. The default permission is IUSR.
IIS permission: script executable.
Description: by default, the Server.CreateObject method can be used to instantiate components installed on the 2k server.
For example, we all know the ADO database controls, but apart from these dedicated components, some components provided by the system, such as WSH and FSO, can be used in the same way.
Of course, most ASP backdoors now use them, so some network administrators delete or change the CLSID values of these two components in the registry to disable them. Some also uninstall them directly through "Add/Remove Programs" in Control Panel.
However, the Shell.Application component I use is a server component that was originally considered safe (or that some people do not know about).
You can find it in MSDN under the Shell object. This component has nothing to do with WSH and FSO. What can we do with it?
We can browse directories, copy directories, move them, get file sizes, or execute an existing program (bat, exe, hta).
However, parameters cannot be added.
What permissions do we need to perform these operations:
1. We need to be able to upload ASP files to a script-executable directory.
2. The permissions on the server's hard disk are the default Everyone: Full Control.
3. This component has not been deleted.
The following is an example I wrote: shell backdoor. A new backdoor is required if it is not a vulnerability.
Physical path of the program:
Enter the directory to browse
Copy
Move
Path:
Program:
Adam posted on:
It should not be counted as a vulnerability. You must know that in the past nobody said the FileSystem object was a vulnerability.
I didn't take a closer look at your code. It should be something similar to the FileSystem Object, so I don't think it is a vulnerability, but I will remind others later.
cacls %systemroot%\system32\shell32.dll /e /d guests
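
A defender-side check for the components named in this thread, as an added example that is not part of the original posts: it scans ASP source for instantiation of Shell.Application, WScript.Shell or Scripting.FileSystemObject, including ProgIDs split across concatenated strings and `<object progid=...>` tags. The function names, the sample page and the extension list are assumptions made for illustration.

```python
import os
import re

# Components this thread names as reachable from ASP via Server.CreateObject.
PROGIDS = ("shell.application", "wscript.shell", "scripting.filesystemobject")

# "Shel" & "l.Application": a ProgID split across concatenated string literals.
_CONCAT = re.compile(r'"\s*[&+]\s*"')
_CREATE = re.compile(r'createobject\s*\(\s*"([^"]+)"', re.I)
_OBJTAG = re.compile(r'<object\b[^>]*\bprogid\s*=\s*["\']?([\w.]+)', re.I)

# Constructed sample page (not from the original post).
SAMPLE = '''<%@ Language=VBScript %>
<% Set conn = Server.CreateObject("ADODB.Connection") %>
<% Set sa = Server.CreateObject("Shell.Application") %>
<% Set x = server.createobject ( "Shel" & "l.Appli" & "cation.1" ) %>
<object runat="server" id="fs" progid="Scripting.FileSystemObject"></object>
'''


def find_component_use(asp_source):
    """Return sorted (line_number, progid) pairs for the watched components."""
    hits = set()
    for number, line in enumerate(asp_source.splitlines(), 1):
        joined = _CONCAT.sub("", line)  # re-join split string literals
        for match in (*_CREATE.finditer(joined), *_OBJTAG.finditer(joined)):
            found = match.group(1).lower()
            for progid in PROGIDS:
                # also match version-dependent ProgIDs such as Shell.Application.1
                if found == progid or found.startswith(progid + "."):
                    hits.add((number, progid))
    return sorted(hits)


def scan_tree(root, exts=(".asp", ".asa", ".cer", ".cdx")):
    """Scan script files under root; exts is an assumed list, match it to your
    server's script mappings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as handle:
                    hits = find_component_use(handle.read())
                if hits:
                    report[path] = hits
    return report


if __name__ == "__main__":
    for number, progid in find_component_use(SAMPLE):
        print(f"line {number}: {progid}")
```

A hit is a prompt for review rather than proof of a backdoor, since legitimate pages also use FSO; the ADO line in the sample is deliberately not reported.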