IIS5.0 server web directory structure information (MS, defect)

zhaozj2021-02-08  255

Recommended procedures:

Microsoft Internet Information Server 5.0

description:

IIS5.0 allows users to touch their Web directory structure and physical paths

detailed:

We know, in IIS4.0, as long as you don't play Services Pack5, enter this path under WWW:

http://www.xxx.com/*.idc

Will appear:

**************************************************

Run query error

Unable to open the query file E: / Web / *. IDC. May be that the file does not exist or the permissions you need to open the file.

**************************************************

This is already supplemented in SP5.

However, in IIS5.0, this problem has taken out, such as Microsoft's homepage:

http://www.microsoft.com/vstudio/1.idq

Will appear:

*********************************************************** *************

The IDQ file d: /http/products/developer/devonly/prodinfo/vstudio/1.idq could not be found.

*********************************************************** *************

http://www.microsoft.com/1.ida

Will appear:

*********************************************************** *************

The IDQ file d: /http/1.idq could not be found.

*********************************************************** *************

* .idq and * .ida can

This is an information vulnerability, which makes it easy to invade the structure of the Web website, which greatly facilitates its modification of the homepage.

solution:

Open the IIS Management Console, select the Web site-attribute, on the "primary directory", at the "Configuration" button at the starting point, delete the mapping of IDA and IDQ. If you must use, double-click the map of IDA or IDQ, check "Check if there is" hook ", determine, exit

Security recommendations:

For useless applications mapping, it is recommended to delete

转载请注明原文地址:https://www.9cbs.com/read-1327.html

New Post(0)