Website security dog IIS6.0 parse webshell access restrictions bypass

Website security dog IIS6.0 parse webshell access restrictions bypass

Security should be a complete system. If there is a defect in a place, the building will collapse.
When accessing IIS6.0 parsing shells, such as a.asp;.jpg/a.asp;a.jpg, etc., it will be blocked by the website security dog. You can use some trivial methods to bypass the restrictions to execute the uploaded webshell.

The function of dongle is described as follows:

 

1. a.asp;.jpg/a.asp;a.jpg will not be blocked.

2XX a.asp;.jpg/a.asp;a.jpg will be blocked.

3. files such as. asp/. asa/. cer/. cdx will be blocked.
 

 

Therefore, it is impossible to directly upload the webshell. You can only upload the IIS parsing shell to break through. Start with the file name.



Windows path + folder name + file name, cannot exceed 260.

Try increasing the file name to the limit:
 

D:\web\pic.asp;aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg

Access:
 

http://localhost/pic.asp;aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg

Still blocked.
 

The English file name cannot be broken through. Please try Chinese.
 

D: \ Web \ Tuen Mun .asp;.jpg access: http: // localhost/Tuen Mun .asp;.jpg

Or blocked.
 

Try adding the Chinese file name to a certain length:
 

Http: // localhost/hosts

 

In actual tests, when the length exceeds 260 (the length is 2 in Chinese), the dongle will lose the truncation defense function (the Chinese character can be placed before and after )......

Of course, the length of Chinese characters cannot be infinitely large, because the URL length required by IIS is limited, an error will be reported if it exceeds.

 

 

Solution:

The dongle team should handle the issue on its own.