Microsoft IIS6 解析目录“xxx.asp”漏洞

  • 发表于
  • Vulndb

发布时间:2010-06-18

影响版本:IIS6.0 or lower
漏洞描述:
Application:Microsoft Internet Information Services (IIS)
Note:Tested on IIS 6.0 Work successfully
##########################################################

hackers build a directory called aaa.asp then aaa.asp directory put a picture
inside the Trojans , hackers access aaa.asp/xxx.jpg will be able to access trojan !

Original document:
http://blog.pouya.info/userfiles/vul/IIS0day.pdf
安全建议:
Upgrade to IIS 7.0