Brief introduction
Supported protocols: HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP, NNTP and others
Supported operating systems: NT / 2000 / XP Professional / Server 2003 and later (XP Home is not supported)
Parsing Vulnerability
IIS 6.0: /xx.asp/xx.jpg, where "xx.asp" is the folder name.
IIS 7.0 / 7.5: Fast-CGI is turned on by default; entering /1.php directly after the URL of a picture causes the normal picture to be parsed as PHP.
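A defender can look for both URL shapes in IIS W3C logs. The following is an added example, not code from the original page; the log excerpt is constructed sample data, and the function names, finding labels and list of static extensions are assumptions made for illustration.

```python
import re

# Constructed IIS W3C log excerpt (sample data, not from the page).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem sc-status
2024-01-01 10:00:00 GET /images/logo.jpg 200
2024-01-01 10:00:01 GET /upload/xx.asp/xx.jpg 200
2024-01-01 10:00:02 GET /upload/photo.jpg/1.php 200
2024-01-01 10:00:03 GET /app/default.asp 200
2024-01-01 10:00:04 POST /Upload/A.ASP/b.gif 200
2024-01-01 10:00:05 GET /blog/index.php 200
"""

# Assumed list of static extensions worth watching; extend for your site.
STATIC_EXT = r"(?:jpe?g|gif|png|bmp|ico|txt)"
# IIS 6.0 shape: a folder whose name ends in .asp, followed by another segment.
ASP_FOLDER = re.compile(r"/[^/]+\.asp/[^/]", re.I)
# IIS 7.0/7.5 Fast-CGI shape: a static file followed by /<name>.php.
PHP_SUFFIX = re.compile(r"\.%s/[^/]*\.php$" % STATIC_EXT, re.I)

def classify(uri_stem):
    """Return a finding label for a URL path, or None if it looks normal."""
    if ASP_FOLDER.search(uri_stem):
        return "asp-folder"
    if PHP_SUFFIX.search(uri_stem):
        return "static-file-as-php"
    return None

def scan(log_text):
    """Return (line_no, uri, label) for each suspicious request in a W3C log."""
    fields, findings = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or "cs-uri-stem" not in fields:
            continue
        cols = line.split()
        if len(cols) != len(fields):
            continue  # malformed or truncated record
        uri = cols[fields.index("cs-uri-stem")]
        label = classify(uri)
        if label:
            findings.append((n, uri, label))
    return findings

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```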
CVE-2009-4444
Date: 2009
Type: Microsoft IIS malformed file extension security restriction bypass vulnerability
Affected versions: IIS 6.0
CVE-2005-4360 (MS07-041)
Date: 2005
Type: remote buffer overflow vulnerability
Affected versions: IIS 5.1
CVE-2009-3023
Date: 2009
Type: remote code execution
Affected versions: IIS 5.0, IIS 5.1, IIS 6.0
CVE-2009-2521
Date: 2009
Type: DDoS
Affected versions: IIS 5.0, IIS 5.1, IIS 6.0, IIS 7.0
IIS authentication bypass and source code leak
Type: unauthorized access + source code disclosure
Affected versions: IIS 6.0, IIS 7.5
CVE-2015-1635 (MS15-034)
Date: 2015
Type: remote code execution
Affected versions: IIS 7.5, IIS 8.0, IIS 8.5
Short file name
IIS 1.0, Windows NT 3.51
IIS 3.0, Windows NT 4.0 Service Pack 2
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional and Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista
IIS 7.5, Windows 7 (<customErrors> enabled remotely, or no web.config)
IIS 7.5, Windows 2008 (classic pipeline mode)
IIS 8.0, Windows 8, Windows Server 2012
IIS 8.5, Windows 8.1, Windows Server 2012 R2
IIS 10.0, Windows 10, Windows Server 2016
Note: IIS is not affected when it uses .Net Framework 4.
Reproduction