国产av日韩一区二区三区精品,成人性爱视频在线观看,国产,欧美,日韩,一区,www.成色av久久成人,2222eeee成人天堂

Home php教程 php手冊 CGI安全漏洞資料速查 v1.0(轉(zhuǎn)三)

CGI安全漏洞資料速查 v1.0(轉(zhuǎn)三)

Jun 21, 2016 am 09:12 AM
asp microsoft web

cgi|安全|安全漏洞

51
類型: 攻擊型
名字: search97.vts
風(fēng)險等級: 中
描述: 這個文件將能使入侵者任意的讀取你系統(tǒng)中啟動httpd用戶能讀取的文件
建議: 將在您Web目錄中的search97.vts刪除或移走
解決方法: 將在您Web目錄中的search97.vts刪除或移走,或前往以下地址下載Patch
https://customers.verity.com/products/server/310/patches/


_____________________________________________________________________________

52
類型: 攻擊型
名字: carbo.dll
風(fēng)險等級: 低
描述: 如果您安裝了Systems running iCat Suite version 3.0,那么它將自動在你的系統(tǒng)上添加一個叫carbo.dll的文件,而入侵者將能利用這個文件訪問您系統(tǒng)上的熱和文件
建議: 將在您Web目錄中的openfile.cfm刪除或移走
解決方法: 將在您Web目錄中的openfile.cfm刪除或移走


__________________________________________________________________________

53
類型: 攻擊型
名字: whois_raw.cgi
風(fēng)險等級: 低
描述: 因為whois_raw.cgi作者的失誤,這個CGI將使入侵者能夠以您系統(tǒng)上啟動httpd的用戶的權(quán)限執(zhí)行您系統(tǒng)上任意的程序
建議: 將在您Web目錄中的whois_raw.cgi刪除或移走
解決方法: 將在您Web目錄中的whois_raw.cgi刪除或移走


_______________________________________________________________________________

54
類型: 攻擊型
名字: doc
風(fēng)險等級: 低
描述: 您的Web目錄可以文件列表,這將幫助入侵者分析您的系統(tǒng)信息
建議: 將您的所有Web目錄設(shè)置為不能文件列表
解決方法: 將您的所有Web目錄設(shè)置為不能文件列表


_______________________________________________________________________________

55
類型: 攻擊型
名字: .html/............./config.sys
風(fēng)險等級: 低
描述: 如果您使用的是較久版本的ICQ,那么入侵者能夠利用它閱讀您機器上的所有文件
建議: 下載新版本的ICQ
解決方法: 請前往以下地址下載新版本的ICQ
http://www.icq.com/download/


______________________________________________________________________

56
類型: 攻擊型
名字: ....../
風(fēng)險等級: 中
描述: 您使用的WebServer軟件能使入侵者閱讀您系統(tǒng)上的所有文件
建議: 更換或升級您的WebServer軟件
解決方法: 更換或升級您的WebServer軟件


_________________________________________________________________________


58
類型: 攻擊型
名字: no-such-file.pl
風(fēng)險等級: 低
描述: 由于您的WebServer軟件的缺陷,使得入侵者能夠利用不存在的CGI腳本請求來分析您的站點的目錄結(jié)構(gòu)
建議: 升級您的WebServer軟件
解決方法: 升級您的WebServer軟件


________________________________________________________________________________

59
類型: 攻擊型
名字: _vti_bin/shtml.dll
風(fēng)險等級: 低
描述: 入侵者利用這個文件將能使您的系統(tǒng)的CPU占用率達到100%
建議: 將_vti_bin/shtml.dll從您的Web目錄刪除或移走
解決方法: 將_vti_bin/shtml.dll從您的Web目錄刪除或移走

______________________________________________________________________

60
類型: 信息型
名字: nph-publish
風(fēng)險等級: 中
描述: 在/cgi-bin目錄下存在nph-publish文件,這使入侵者能通過www瀏覽服務(wù)器上的任何文件
建議: 建議審查/cgi-bin目錄,刪除不必要的cgi程序
解決方法: 刪除nph-publish文件


______________________________________________________________________


61
類型: 信息型
名字: showcode.asp
風(fēng)險等級: 中
描述: 在/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/SELECTOR/目錄下存在showcode.asp文件可以被入侵者利用來查看服務(wù)器上的文件內(nèi)容
建議: 最好禁止/msadc這個web目錄的匿名訪問,建議刪除這個web目錄
解決方法: 刪除showcode.asp文件

_________________________________________________________________________

62
類型: 信息型
名字: _vti_inf.html
風(fēng)險等級: 中
描述: web根目錄下存在_vti_inf.html文件,該文件是Frontpage extention server的特征,包含了一系列Frontpage Extention Server的重要信息;而且Frontpage Extention server是一個有很多漏洞的web服務(wù),用它入侵者可能直接修改首頁文件
建議: 用ftp等其它方式上載網(wǎng)頁文件
解決方法: 卸載Frontpage Extention Server
________________________________________________________________________________

63
類型: 信息型
名字: index.asp::$DATA
風(fēng)險等級: 中
描述: asp程序的源代碼可以被后綴+::$DATA的方法查看到,這樣入侵者可以設(shè)法查到服務(wù)器數(shù)據(jù)庫密碼等重要信息

建議: 建議留意微軟最新關(guān)于codeview的補丁和安全公告
解決方法: 安裝services pack6或者打補丁:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix/
相關(guān)連接: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix/


___________________________________________________________________________________

64
類型: 攻擊型
名字: main.asp%81
風(fēng)險等級: 低
描述: asp程序的源代碼可以被后綴+%81的方法查看到,這樣入侵者可以設(shè)法查到服務(wù)器數(shù)據(jù)庫密碼等重要信息

建議: 建議留意微軟最新關(guān)于codeview的補丁和安全公告
解決方法: 安裝services pack6或者打補丁:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix/
相關(guān)連接: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/chs/security/fesrc-fix/

____________________________________________________________________________________
65
類型: 信息型
名字: showcode.asp_2
風(fēng)險等級: 中
描述: 在/msadc/Samples/SELECTOR/目錄下存在showcode.asp文件,用下面的路徑:
http://www.xxx.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../../boot.ini
可以查到boot.ini文件的內(nèi)容;實際上入侵者能夠利用這個ASP查看您系統(tǒng)上所有啟動httpd用戶有權(quán)限閱讀的文件

建議: 禁止對/msadc目錄的匿名訪問
解決方法: 將在您Web目錄中的showcode.asp刪除或移走
請前往以下地址查詢補丁
Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp
相關(guān)連接: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/


_____________________________________________________________________________________

66
類型: 攻擊型
名字: ism.dll
風(fēng)險等級: 高
描述: 在/scripts/iisadmin/目錄下存在ism.dll文件,這個文件有一個溢出錯誤,允許入侵者在服務(wù)器上執(zhí)行任意一段程序;另外。攻擊者還隨時可以令服務(wù)器的www服務(wù)死掉
建議: 禁止對/scripts目錄的匿名訪問
解決方法: 刪除/scripts/iisadmin/ism.dll, 或者打開iis的管理控制臺,選取默認(rèn)web站點,點右鍵,選取屬性,點:"主目錄",在起始點那行點"配置"按鈕,將".htr"的應(yīng)用程序映射項刪除



___________________________________________________________________________________________


67
類型: 信息型
名字: codebrws.asp_2
風(fēng)險等級: 中
描述: 在/iissamples/sdk/asp/docs/下面存在codebrws.asp文件,用下面的路徑:
http://www.xxx.com/iissamples/exair/howitworks/codebrws.asp?source=/index.asp就可以查看到index.asp的源碼。實際上任何ascii文件都可以瀏覽。

建議: 刪除名叫/iissamples/的web目錄
解決方法: 將在您Web目錄中的codebrws.asp刪除或移走
請前往以下地址查詢補丁
Internet Information Server:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/
Site Server:
ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/
http://www.microsoft.com/security/products/iis/checklist.asp
相關(guān)連接: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/

______________________________________________________________________________________


68
類型: 攻擊型
名字: uploadn.asp
風(fēng)險等級: 高
描述: 在/scripts/tools目錄下存在uploadn.asp程序,只要入侵者有一個可用帳號,哪怕是Guest帳號,就可以上傳任何文件到你的web目錄,除了替換主頁外,他更可以進一步控制你的整個系統(tǒng)!
建議: 刪除名為/scripts的web目錄
解決方法: 刪除uploadn.asp文件
相關(guān)連接:


____________________________________________________________________________________

69
類型: 攻擊型
名字: uploadx.asp
風(fēng)險等級: 高
描述: 在/scripts/tools目錄下存在uploadx.asp程序,只要入侵者有一個可用帳號,哪怕是Guest帳號,就可以上傳任何文件到你的web目錄,除了替換主頁外,他更可以進一步控制你的整個系統(tǒng)!
建議: 刪除名為/scripts的web目錄
解決方法: 刪除uploadx.asp文件
相關(guān)連接:

______________________________________________________________________________________

70
類型: 攻擊型
名字: query.asp
風(fēng)險等級: 低
描述: 在/IISSAMPLES/ExAir/Search/的目錄下存在query.asp文件,這個文件有個漏洞如果被攻擊者利用,后果將導(dǎo)致CPU使用率達到100%,機器速度將明顯變慢
建議: 禁止對/iissamples目錄的存取
解決方法: 刪除query.asp文件

_______________________________________________________________________________

71
類型: 攻擊型
名字: advsearch.asp
風(fēng)險等級: 低
描述: 在/IISSAMPLES/ExAir/Search/的目錄下存在query.asp文件,這個文件有個漏洞如果被攻擊者利用,后果將導(dǎo)致CPU使用率達到100%,機器速度將明顯變慢
建議: 禁止對/iissamples目錄的存取
解決方法: 刪除advsearch.asp文件


_______________________________________________________________________________

72
類型: 攻擊型
名字: search.asp
風(fēng)險等級: 低
描述: 在/IISSAMPLES/ExAir/Search/的目錄下存在search.asp文件,這個文件有個漏洞如果被攻擊者利用,后果將導(dǎo)致CPU使用率達到100%,機器速度將明顯變慢
建議: 禁止對/iissamples目錄的存取
解決方法: 刪除search.asp文件

_________________________________________________________________________________

74
類型: 攻擊型
名字: getdrvrs.exe
風(fēng)險等級: 中
描述: 這個存在于/scripts/tools目錄下的getdrvrs.exe文件允許任何一個用戶在web根目錄下創(chuàng)建任何文件,和創(chuàng)建ODBC數(shù)據(jù)源
建議: 禁止對/scripts/tools目錄的匿名訪問
解決方法: 刪除getdrvrs.exe文件


_______________________________________________________________________________

73
類型: 攻擊型
名字: newdsn.exe
風(fēng)險等級: 中
描述: 這個存在于/scripts/tools目錄下的newdsn.exe文件允許任何一個用戶在web根目錄下創(chuàng)建任何文件,如:
http://xxx.xxx.xxx.xxx/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Evil2+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2Fevil2.htm&newdb=CREATE_DB&attr=
建議: 禁止對/scripts/tools目錄的匿名訪問
解決方法: 刪除newdsn.exe文件


_______________________________________________________________________________

75
類型: 信息型
名字: showcode.asp_3
風(fēng)險等級: 中
描述: 在/iissamples/exair/howitworks/存在code.asp文件,入侵者利用該文件可以查看服務(wù)器硬盤上任何一個ASCII文件的內(nèi)容,并顯示asp程序文件的源代碼
建議: 禁止對/iissamples的web目錄的匿名訪問
解決方法: 刪除showcode.asp文件



Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undress AI Tool

Undress AI Tool

Undress images for free

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Easily remove borders in Microsoft Edge in three simplified steps Easily remove borders in Microsoft Edge in three simplified steps Sep 02, 2023 pm 02:57 PM

Many users are dissatisfied with the white border around web pages in Microsoft Edge. They think it's unnecessary and distracting, and they're asking Microsoft to remove Microsoft Edge's bezels entirely. This is similar to the saying "don't fix what's not broken", but Microsoft doesn't seem to have taken this into account. Of course, it's a popular web browser that offers a variety of features, including a built-in ad blocker, tracking prevention, and a password manager. However, some users may find that the browser has a border around web pages. This border can be distracting or unsightly, and there are several ways to remove it. In a lengthy conversation on r/Edge, some regular non-internal users discovered,

Key differences between Microsoft 365 Copilot, Bing Chat Enterprise, and Copilot in Windows Key differences between Microsoft 365 Copilot, Bing Chat Enterprise, and Copilot in Windows Sep 23, 2023 pm 03:57 PM

Currently, Microsoft offers three different AI assistants to enterprise customers: Microsoft365Copilot, BingChatEnterprise, and Copilot in Windows. We would like to explain the differences between these three options. CopilotinWindows: Copilot in Windows is a powerful tool that helps you complete tasks faster and easier. You can seamlessly access Copilot from the taskbar or by pressing Win+C, and it will provide help next to any application you use. Copilot in Windows features new icons, new user experience and BingChat. it will be 2

Fix 'Your account is currently unavailable' error in OneDrive Fix 'Your account is currently unavailable' error in OneDrive Sep 13, 2023 am 08:33 AM

Trying to log in in Windows doesn't work either. However, a check on the Microsoft account showed that there were no issues with it. I am able to log in and out of my Microsoft account on Windows and the web and am able to access all services. Only OneDrive appears to be affected. Microsoft's error message, like most of the time, isn't very helpful because it's too generic to be of much use. It starts with the following statement: "Your OneDrive or profile may be temporarily blocked because it is experiencing an unusually large amount of traffic. In this case, the block will be removed after 24 hours" This is followed by another sentence, Other possible reasons for temporary account suspension are listed: "

What are web standards? What are web standards? Oct 18, 2023 pm 05:24 PM

Web standards are a set of specifications and guidelines developed by W3C and other related organizations. It includes standardization of HTML, CSS, JavaScript, DOM, Web accessibility and performance optimization. By following these standards, the compatibility of pages can be improved. , accessibility, maintainability and performance. The goal of web standards is to enable web content to be displayed and interacted consistently on different platforms, browsers and devices, providing better user experience and development efficiency.

what does web mean what does web mean Jan 09, 2024 pm 04:50 PM

The web is a global wide area network, also known as the World Wide Web, which is an application form of the Internet. The Web is an information system based on hypertext and hypermedia, which allows users to browse and obtain information by jumping between different web pages through hyperlinks. The basis of the Web is the Internet, which uses unified and standardized protocols and languages ??to enable data exchange and information sharing between different computers.

Golang learning form validation practice for web applications Golang learning form validation practice for web applications Jun 24, 2023 pm 03:07 PM

In web development, form validation is an extremely critical part. Form verification can effectively protect data security and prevent attacks and malicious operations by illegal users. In Golang, form validation technology is also widely used, especially in web applications. This article will introduce the practice of form validation for web applications in Golang. 1. Basic Principles of Form Validation In web applications, the basic principle of form validation is to check and verify data before submitting data on the web page. This data may be user

How to log in to a Microsoft account on Windows 10 How to log in to a Microsoft account on Windows 10 Jan 01, 2024 pm 05:58 PM

You can log in with a Microsoft account in the win10 system, but there are still many friends who don’t know how to log in. Today I will bring you the method of logging in with a win10 Microsoft account. Come and take a look. How to log in to win10 microsoft account: 1. Click Start in the lower left corner and click the gear to open settings. 2. Then find "Account" and click to open. 3. After entering the account, click "Email and App Accounts" on the left. 4. Then click "Add Account" on the right. 5. After entering the account interface, many options will appear. Click the first "outlook". 6. Enter your account number in the Microsoft account window that appears. 7. After all is completed, you can

How to enable administrative access from the cockpit web UI How to enable administrative access from the cockpit web UI Mar 20, 2024 pm 06:56 PM

Cockpit is a web-based graphical interface for Linux servers. It is mainly intended to make managing Linux servers easier for new/expert users. In this article, we will discuss Cockpit access modes and how to switch administrative access to Cockpit from CockpitWebUI. Content Topics: Cockpit Entry Modes Finding the Current Cockpit Access Mode Enable Administrative Access for Cockpit from CockpitWebUI Disabling Administrative Access for Cockpit from CockpitWebUI Conclusion Cockpit Entry Modes The cockpit has two access modes: Restricted Access: This is the default for the cockpit access mode. In this access mode you cannot access the web user from the cockpit

See all articles