Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to analyze vulnerabilities in IIS6.0 middleware, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

First, create a new 1.asp file, the content is:, put into the IIS6.0 server.

2. Access 192.168.1.152:8011/1.asp, access it successfully and get the current time

Third, modify 1.asp to 1.asa, and then visit 192.168.1.152:8011/1.asa. Except * .asa, * .cer * .cdx will be parsed into asp files, thus bypassing the upload mechanism.

Fourth, modify 1.asp to 1.aspscape 1.jpg, and then visit 192.168.1.152pur8011and1.aspter.jpg, this malformed file name is directly ignored after ";", so it will also be executed as * .asp file, thus bypassing the upload mechanism.

Files in the folder named * .asp will be executed as ASP files. Create a new folder named 1.asp, then modify the above 1.asp file to 1.txt and place it in the 1.asp folder, then access 192.168.1.152:8011/1.asp/1.txt and successfully parse into an asp file.

After reading the above, do you have any further understanding of how to resolve vulnerabilities in IIS6.0 middleware? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.