In-depth discussion on the execution of * .exe files in the browser 2000-10-14
From chinaasp.com
One: Can I really execute a command file in the browser? The answer is yes. (Wow, Cool Lord! Can ...) But don't be happy, you can only perform server-side, and you must be authorized. Otherwise the server is too easy to black. Who dares to see who I will format anything. (I really hope, always hacking black server, also the server is black. Haha!)
Two: How did he be implemented. Is it ASP file? At the server-side execution file is implemented by SSI, the server side contains the meaning (not SSL), and the #include we often use is one of the instructions included in the server side. However, this time to introduce is --------- # exec. That is, he can implement the server execution instruction. However, this time he can't use the .asp file. It can only be used with .stm, .shtm and .shtml. (Very familiar) and can explain the execution of them is SSINC.DLL. So, the code you write must be saved into .STM and other formats to ensure that the server can perform.
Three: How to implement it? I finally started discussing substantive issues. Its syntax is: CommandType is a parameter, he has two optional types: 1.cgi runs an application. Such as CGI scripts, ASP, or ISAPI applications. The CommandDescription parameter is a string. This string contains the virtual path of the application, follows one question mark and any parameter transmitted to the application, and the parameters are separated by the plus sign ( ). He is the most useful parameter of #exec command, and most of the reasons exist in the #EXEC command. He can handle authorized CGI scripts, or isapi applications. Microsoft creates this command in order to compatible with some early ISAPI applications. We know that Microsoft's early Web applications are interpreted by ISAPI, and are also compatible with the CGI program. You can now find CGI-BIN directory in your web root directory. We can explain the examples. This command can be seen frequently on some UNIX hosts. Now we can use him in your own. SHTML. Of course, if the server is allowed. There is also a type of program: This command will start a process outside the process to explain and dynamically output information to the web page. . This way is not common. But you can still see it in some websites.
2.cmd parameter. He is the most terrible parameters in the #EXEC command, and most of the reasons for the #EXEC command prohibits usage. He is also a weapon for our netizens to achieve final fantasy. unfortunately. It is difficult to get our fantasy (such as de ..., fo ....). Almost impossible. It is Microsoft's instructions for CMD parameters, you must read it! CMD runs shell command. The CommandDescription parameter is a string, which contains the complete physical path of the shell command, and then following any command line parameters separated by spaces. If you do not specify a full channel, the web server will search the system path. By default, the instruction is disabled because it will cause security on the Web site; for example, the user may use the format command to format your hard drive. I suggest that it is recommended because Microsoft is not recommended to use this command. However, if you are an administrator of the server, you can try it. You can create a new Test.SHTML file. Then set an order at the first line. 'NT in a help file (not dangerous). Or give a try! The display memory is displayed under Window98. (Not dangerous) Then you set its permissions as scripts in this virtual directory, or executive. Finally, you can enter this address http://localhost/xxx/test.shtml in your browser if you see the browser to enter information. So, congratulations. You have tried success.
Four: Final fantasy! (It is best not to try. If there is a problem, I have nothing to do! I don't answer the corresponding problem)
What if we want to do multiple commands? So close your eyes, look down, first, you open the registry editor (remember to back up first), then find key_local_machine / system / currentcontrolset / service / w3svc4 'may also be W3SVC / Parameters to choose New a DWord value ssienablecmdiRect The two values are 0, 1. Here are the description of Microsoft. The server-side #EXEC CMD command includes an executable housing command. Strong sites hoped to close this value to 0 to close the #EXEC CMD command, and use this as an additional security, especially when the user is allowed to place the file to the server. By default, this value does not exist in the registry; to allow this command to perform the housing command, you must first create this value and set the value to 1.