The vulnerabilities mentioned here are vulnerabilities caused by Administrator configuration errors.
1. Set the directory permission properly. Otherwise, web users can browse any directory.
Tools: Web explorer http://blog.csdn.net/iuhxq/archive/2004/12/11/212987.aspx
You can use it to view any directory, as long as you have the permission. If you see conn. asp or web. config ....... Haha...
Otherwise, the database is downloaded (ACCESS... Check whether you have other vulnerabilities.
2. Do not grant administrator permissions to the database connection account. Otherwise it is very dangerous.
If you know the password of the database from above.
Then we can execute any system command.
Example: xp_cmdshell 'dir C :/'
In addition
Tasklist
Taskkill
Pslist
Pskill
Net user
Net user guest/active: Yes
Net user hack/Add
Net user hack/del
Net localgruop administrators hack/Add
Query user
Logoff 1
Are these commands terrible? Haha. Therefore, do not grant the WEB database connection account management permission.
3. This has nothing to do with Web servers, but it is also a vulnerability.
Generally, the FTP server is set up with Serv-U. Its maximum quota is controlled by the upload/download traffic. So we can use the web resource manager mentioned above to generate a large file in FTP, for example, 40 MB, and then use ftp to log in and delete the 40 MB file, in this way, your space will be 40 m more (the actual space you use is 40 m less), and you can do it several times. You can use ftp to check whether 0 m is used, in fact, you saved a lot of information.
Let's just say that. Thank you for your patience. 886 ~!
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.