IIS漏洞 - 小灰博客

Tag 文档归类: IIS漏洞

如何利用IIS解析漏洞上传图片木马

文章来源：小灰博客| 时间：2014-09-26 11:50:36| 作者：Leo　| 5 条评论

简单的叙述一下IIS解析漏洞给网站带来的隐患，利用上传图片的方式就可以拿下你的目录！

第一种：在网站目录下建立任何 *.asp或者*.php 文件夹（也就是 aa.asp或者shell.php之类，有的可能PHP不支持，下面也是）文件夹，其目录下的所有文件都会被当做asp或者php脚本文件去执行，也就是说：它目录下的abc.jpg 都会被当做脚本文件去解析。

这样就非常可怕了。当用户用记事 [Read More…]

查看该文章 » 文章分类：ASP、IT技术分享、PHP、安全技术标签： IIS+PHP、IIS漏洞、Windows

分类

Android (4)
ASP (4)
HTML (29)
IOS (8)
IT技术分享 (161)
Javascript (21)
MYSQL (12)
Photoshop (1)
PHP (71)
SEO (4)
Windows (17)
其他 (34)
安全技术 (19)
小技巧 (47)
小灰闲谈 (11)
心情随写 (9)
程序囧事 (44)

随便看看

最新评论

We send a gift from us. Receive > https://telegra.ph/Message--2868-12-25?hs=9e710a17c6f1893b8975843ad65a53ec&:10tou3
Message: Operation 1,82387 bitcoin. Continue >>> https://telegra.ph/Message--2868-12-25?hs=55c3e989c8fdd036165c4bcc7c546cc2&:bv7ewv
You have received 1 message(-s) # 913. Go >> https://telegra.ph/Message--2868-12-25?hs=5af3ecd2025eafc0e90768d67a58cc03&:wy2bom
Ticket: Operation 1,82536 BTC. Assure >>> https://telegra.ph/Message--2868-12-25?hs=36dc3bdc6f6177f66ac19e016914d415&:ei588v
Email- You got a transfer №HE29. NEXT >> https://telegra.ph/Message--2868-12-25?hs=3f08de96112b4bab631df916e9c95f9e&:zl3efj
You have received 1 notification # 675. Open > https://telegra.ph/Message--2868-12-25?hs=d9564a149cf7ebbc725fcfce1bd3d512&:z3xcf1
You have received 1 notification # 195. Read - https://telegra.ph/Message--2868-12-25?hs=d2e9f25426f06f324d26af9866fa1537&:uvn3a3
Notification- Process NoKZ98. NEXT >> https://telegra.ph/Message--2868-12-25?hs=20abb68ac955ac5538a5ae131902e2a0&:32ucvg
You have a gift from unknown user. Verify =>> https://telegra.ph/Message--2868-12-25?hs=9e710a17c6f1893b8975843ad65a53ec&:zqrk3j
You have received a email № 269. Go - https://telegra.ph/Message--2868-12-25?hs=81d107938621831ce06bfc98e59470ae&:a18jpg
You have 1 message # 633. Go >>> https://telegra.ph/Message--2868-12-25?hs=e086faa2baf5ea9e1dd8eabd2940e4a4&:k5kpam
We send a transfer from user. Take > https://telegra.ph/Message--2868-12-25?hs=535f4ef40e06658923945a7371dfd566&:zw0yzt
You have a email # 192. Go >> https://telegra.ph/Message--2868-12-25?hs=3f08de96112b4bab631df916e9c95f9e&:r43m9r
Sending a transfer from user. Assure =>> https://telegra.ph/Message--2868-12-25?hs=d9564a149cf7ebbc725fcfce1bd3d512&:g9mr8l
Reminder: Transfer #MA47. RECEIVE > https://telegra.ph/Message--2868-12-25?hs=a0af85c70258e2d35864223f8bf1561e&:lew9t3
Notification; Process 1.8248463 bitcoin. Verify => https://telegra.ph/Message--2868-12-25?hs=9e710a17c6f1893b8975843ad65a53ec&:zlge85
Ticket- You got a transfer #ML30. LOG IN =>> https://telegra.ph/Message--2868-12-25?hs=7ea70154946a3e349dfeeaf28b2468a7&:x5fua7
You have a transaction from unknown user. Assure >>> https://telegra.ph/Message--2868-12-25?hs=3f08de96112b4bab631df916e9c95f9e&:8lds4k
You have 1 message(-s) № 618. Go > https://telegra.ph/Message--2868-12-25?hs=8b618b6f3e2558ea545b01f25c66ea45&:crsdu6
You have 1 message # 855. Read >>> https://telegra.ph/Message--2868-12-25?hs=1d869d5a917cbf0e695c5782af266195&:pplh92

链接表