微软的IIS 6.0安装PHP绕过认证漏洞
例:–>
Example request (path to the file): /admin::$INDEX_ALLOCATION/index.php
微软IIS 7.5经典的ASP验证绕过
受影响的软件:.NET Framework 4.0(.NET框架2.0是不受影响,其他.NET框架尚未进行测试)(在Windows 7测试)
详细说明:
There is a password protected directory configured that has administrative asp scripts inside An attacker requests the directory with :$i30:$INDEX_ALLOCATION appended to the directory name IIS/7.5 gracefully executes the ASP script without asking for proper credentials
例:–>
http://<victimIIS75>/admin:$i30:$INDEX_ALLOCATION/admin.php
will run the PHP script without asking for proper credentials.(暂时没有翻译)
By appending /.php to an ASPX file (or any other file using the .NET framework that is not blocked through the request filtering rules,like misconfigured: .CS,.VB files) IIS/7.5 responds with the full source code of the file and executes it as PHP code. This means that by using an upload feature it might be possible (under special circumstances) to execute arbitrary PHP code.