Setting Up IIS to Find an ASP Program Vulnerability
Author: X.U.S.T
The teacher announced cheerfully: "Rookies, 'the teachers take turns, and today it is my turn'!" The students: "Dizzy... he says it so casually, is he really a teacher?" The teacher, angry: "What? If I don't show you what I can do, you won't believe I can be a teacher! Little A, Little K, look at your faces. Are you not convinced? Do you believe I could DDoS your two personal homepages right now?" Little A and Little K: "Sweat... you would DDoS even a personal homepage... you are ruthless! We give in, all right?!" The teacher, proudly: "That is better. If you did not accept me as the teacher, how could I teach this lesson? OK, class begins!"
Student D: "Teacher, what is today's topic?" "Oh no, I only remembered today that I am the teacher, and I forgot to prepare a lesson..." The teacher secretly broke into a cold sweat, but with his wide knowledge this was hardly a problem. "Well, since I am the teacher, I am naturally confident and not afraid of whatever questions you come up with. I will give you 5 minutes to discuss what hard problem you want to put to the teacher today!"
The students discussed... 5 minutes passed, and Student F summed up the results: "Teacher, this website management system is very good; everyone is using it to build their own website, and it is powerful. We wonder whether it has vulnerabilities that can be used?"
Teacher: "Well, since everyone is interested, let's take a look. The three products MyPower, FreePower and PowerEasy are all very good; with them you can easily build a personal website or develop a company website. It is now more than just a single article management system; you can even run download and picture websites with it! Because it is so powerful, more and more people use this system. For example, www.77169.com, which we often visit, uses this system."
"Teacher, never mind that. We are not interested in what functions it has; we want to know whether it can be hacked."
"Hey, you, you know how to do bad things ..." Teacher told the table Laptop, to the official website www.asp163.net downloads the latest "Different Website Management System VER4.03", "In order not to damage the website of others, we will explain this test environment in this unit." "Teacher , The downloaded file is ASP, how to open it? Is it a notepad? "Student Xiao Z carefully asked. "Halo, in my rookie hacker learning class, there is still such a student, counting my grand prize, look back, I will buy lottery tickets", the teacher is really helpless, actually asked how the ASP file is opened ... "Then I am old." Old real teach you. We usually look at the website online, mostly HTML and ASP pages, as for HTML, I don't explain, this classmate in our class understands, and ASP is somewhat different, it is in remote The server is executed. For example, we browse the Microsoft website an ASP page, some scripts of the page are executed in the Microsoft server, returning to us the result of the HTML form. Use ASP to easily make dynamic functionality pages.
"So how can we browse the ASP website?" Microsoft gave us a simple and easy program - use IIS to do a web server, the default supports ASP, you can select 'Add / Remove Windows Components' in the' Add / Remove Windows Components' in the Control Panel, and then in 'Internet Information Serving "there is a choice, the next step knows it. After completing, go to 'Program - Management Tool -Internet Service Manager', generally we can select 'Default Web Site' in local testing, of course, you can also create a new site yourself. The following is the main interface of IIS: Select 'attribute', we have three places to set, 1, 'Web site', in the 'IP address', choose your own computer IP; 2, 'Home Directory' you need to " Local path 'Here you can download the directory after downloading the files you downloaded. Of course, if you want to be lazy, you can extract your ASP file to the wwwroot directory below the INETPUB below the system disk; 3,' Document 'is responsible for setting up your website The default display file of the primary directory or the secondary directory, such as you add a 'index.asp', then call the contents of this file when you open a folder by default. "" I can set this home file is my name? " ", Small A ask", for example, set A.htm or A.ASP? "Of course, as long as the document is added to this home, if you add these two, which one is above, which one is executed, there is a priority order" teacher said. "Default, we download ' Website management system VER4.03 'Home file is index.asp, we can add index.asp in' document '. Below we decompress the package, copy the files in the 'Free Edition' to the wwwroot folder, of course, you can also specify a folder, better security. "Teacher, say, when can the website can see! 
"" Don't be anxious, " You can enter: http: //192.168.1.9/install.asp, the program prompts you to enter the name of the website, copyright Remember to delete install.asp after executing, otherwise it will be used by people who are interested in. "I know, the teacher!" and then? "A bunch of small dishes stare at the teacher with the eyes of the expectation." Then? " Open your browser, enter your IP, you can see the website! "Sure enough, you can!" Add articles now! "Small C, Xiao D is excited." But ... "The teacher deliberately slowed down the speed of speech." But what kind of teacher? " Can you still run? "Of course, you can run, but today I said so much mainly to give you how to get the path of this article system, physical path.
"This is a vulnerability I just discovered; I haven't told anyone else!" Everyone perked up: "Teacher, tell us!" "Well, it goes like this. Register an account, then post an article. On the page where you enter the article content, do you see a box prompting you to upload a file?" "Right-click between the 'Browse' and 'Upload' buttons, view the source code, and find the following lines: