Microsoft IIS6 解析目录“xxx.asp”漏洞
- 发表于
- Vulndb
发布时间:2010-06-18
影响版本:IIS6.0 or lower
漏洞描述:
1 2 3 4 5 6 7 8 9 |
Application:Microsoft Internet Information Services (IIS) Note:Tested on IIS 6.0 Work successfully ########################################################## hackers build a directory called aaa.asp then aaa.asp directory put a picture inside the Trojans , hackers access aaa.asp/xxx.jpg will be able to access trojan ! Original document: http://blog.pouya.info/userfiles/vul/IIS0day.pdf |
安全建议:
1 |
Upgrade to IIS 7.0 |