CGI Security Vulnerability Quick Reference v1.0 (Repost, Part 4)
cgi|security|security vulnerabilities
76
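Type: Attack
Name: aexp.htr
Risk level: Medium
Description: The /iisadmpwd directory contains the file aexp.htr, along with similar files such as aexp2.htr, aexp3.htr and aexp4b.htr. These files allow an attacker to crack and change NT user passwords by brute force and similar methods.
Recommendation: Deny access to the /iisadmpwd directory.
Fix: Delete the aexp.htr file.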
____________________________________________________________________________________
77
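Type: Attack
Name: aexp2.htr
Risk level: Medium
Description: The /iisadmpwd directory contains the file aexp2.htr, along with similar files such as aexp2.htr, aexp3.htr and aexp4b.htr. These files allow an attacker to crack and change NT user passwords by brute force and similar methods.
Recommendation: Deny access to the /iisadmpwd directory.
Fix: Delete the aexp2.htr file.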
_______________________________________________________________________________________
78
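Type: Attack
Name: aexp3.htr
Risk level: Medium
Description: The /iisadmpwd directory contains the file aexp3.htr, along with similar files such as aexp2.htr, aexp3.htr and aexp4b.htr. These files allow an attacker to crack and change NT user passwords by brute force and similar methods.
Recommendation: Deny access to the /iisadmpwd directory.
Fix: Delete the aexp3.htr file.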
_________________________________________________________________________________________
79
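Type: Attack
Name: aexp4b.htr
Risk level: Medium
Description: The /iisadmpwd directory contains the file aexp4b.htr, along with similar files such as aexp2.htr, aexp3.htr and aexp4b.htr. These files allow an attacker to crack and change NT user passwords by brute force and similar methods.
Recommendation: Deny access to the /iisadmpwd directory.
Fix: Delete the aexp4b.htr file.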
____________________________________________________________________________________
80
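Type: Attack
Name: achg.htr
Risk level: Medium
Description: The /iisadmpwd directory contains the file achg.htr, along with similar files such as aexp2.htr, aexp3.htr and aexp4b.htr. These files allow an attacker to crack and change NT user passwords by brute force and similar methods.
Recommendation: Deny access to the /iisadmpwd directory.
Fix: Delete the achg.htr file.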
____________________________________________________________________________________
81
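Type: Attack
Name: ExprCalc.cfm
Risk level: Medium
Description: The ColdFusion web directory contains the file /cfdocs/expeval/ExprCalc.cfm. This file has a vulnerability that allows a user to read arbitrary files on the server's hard disk, including the SAM file (the user password database).
Recommendation: Delete the affected files.
Fix: Delete the ExprCalc.cfm file.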
_______________________________________________________________________________________
82
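Type: Attack
Name: getfile.cfm
Risk level: Medium
Description: The ColdFusion web directory contains the file /getfile.cfm. This file has a vulnerability that allows a user to read arbitrary files on the server's hard disk, including the SAM file (the user password database).
Recommendation: Delete the affected files.
Fix: Delete the getfile.cfm file.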
_______________________________________________________________________________
119
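Type: Information
Name: x.htw
Risk level: Medium
Description: IIS 4.0 has an application mapping htw ---> webhits.dll, which is used by Index Server's hit-highlighting feature. The mapping remains in effect even if you are not running Index Server. This application mapping has a vulnerability that allows an intruder to read files on the local disk, database files, and ASP source code.
Recommendation: Remove unused application mappings in the IIS console.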
________________________________________________________________________________
120
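Type: Information
Name: qfullhit.htw
Risk level: Medium
Description: IIS 4.0 has an application mapping htw ---> webhits.dll, which is used by Index Server's hit-highlighting feature. The mapping remains in effect even if you are not running Index Server. This application mapping has a vulnerability that allows an intruder to read files on the local disk, database files, and ASP source code.
Recommendation: Remove unused application mappings in the IIS console.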
____________________________________________________________________________________
121
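Type: Information
Name: iirturnh.htw
Risk level: Medium
Description: IIS 4.0 has an application mapping htw ---> webhits.dll, which is used by Index Server's hit-highlighting feature. The mapping remains in effect even if you are not running Index Server. This application mapping has a vulnerability that allows an intruder to read files on the local disk, database files, and ASP source code.
Recommendation: Remove unused application mappings in the IIS console.

Readers who have been following closely will have noticed that several dozen entries are missing at number 82. There is nothing I can do about that, and it is not my doing: the material was already like this when I got it. I don't know whether it is because those few dozen vulnerability entries were especially destructive or for some other reason. Anyone who knows, please fill in the gap :)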
