The vulnerabilities described here are all caused by administrator configuration errors.
1. Directory permissions must be set sensibly. Otherwise, web users will be able to browse any directory.
Tool: Web Explorer
http://blog.9cbs.net/iuhxq/archive/2004/12/11/212987.aspx
Use it to view any directory it has permission to read. If you can see Conn.asp or Web.config... ha ha...
The database (Access) gets downloaded... See whether you have other vulnerabilities as well?
2. The account used for the database connection must not be given administrator privileges. Otherwise it is very dangerous.
If you have learned the database password from the above, then we can execute any system command.
For example: xp_cmdshell 'dir c:\'
and also:
tasklist
taskkill
pslist
pskill
net user
net user guest /active:yes
net user hack hack /add
net user hack /del
net localgroup administrators hack /add
query user
logoff 1
Aren't these commands frightening? Ha ha. So you must never give the web database connection account administrator privileges.
3. This one has nothing to do with the web server, but it is also a vulnerability.
FTP servers are generally set up with Serv-U. Its maximum quota limit is tracked through upload and download traffic. So we can use the web resource manager mentioned above to create a large file in the FTP directory, say 40M, then log in over FTP and delete that 40M file, so the space counted against you drops by 40M (the recorded usage is 40M less than what you are actually using). Do this several times and FTP will show 0M used, even though a lot more is actually stored.
OK, that's all I have to say. Thank you for your patience. 886~!
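A defender-side check for points 1 and 2, as an added example that is not part of the original post: this Python script walks a web root and flags Access databases stored inside it, plus Conn.asp / Web.config connection strings that use a privileged login or point at an .mdb file. The list of privileged logins, the function names and the sample site are assumptions constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed list of logins that should never back a web application.
PRIVILEGED_LOGINS = {"sa", "administrator", "root"}
CONFIG_NAMES = {"conn.asp", "web.config"}
# key=value pairs of interest inside a connection string
KV = re.compile(r"(?i)\b(uid|user id|data source|dbq)\s*=\s*([^;\"'<>]+)")

def audit_webroot(webroot):
    """Return sorted (relative path, finding) pairs for a web root."""
    root = Path(webroot)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # An Access database under the web root can be requested by URL.
        if path.suffix.lower() == ".mdb":
            findings.append((rel, "Access database stored inside the web root"))
        if path.name.lower() not in CONFIG_NAMES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for key, value in KV.findall(text):
            key, value = key.lower(), value.strip()
            if key in ("uid", "user id") and value.lower() in PRIVILEGED_LOGINS:
                findings.append((rel, f"connects as privileged login '{value}'"))
            if key in ("data source", "dbq") and value.lower().endswith(".mdb"):
                findings.append((rel, f"points at Access file '{value}'"))
    return sorted(findings)

def demo():
    """Audit a constructed sample site built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "data").mkdir()
        (root / "data" / "shop.mdb").write_bytes(b"")  # constructed placeholder
        (root / "conn.asp").write_text(
            'connstr = "Provider=SQLOLEDB;Data Source=127.0.0.1;UID=sa;PWD=example"\n')
        (root / "web.config").write_text(
            '<add key="conn" value="Provider=Microsoft.Jet.OLEDB.4.0;'
            'Data Source=data/shop.mdb" />\n')
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Each finding maps to a fix from the post: move the database file out of the web root, and switch the connection to a low-privilege login.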