Middleware vulnerabilities summary (b)

II. IIS vulnerability analysis

(A) Introduction to IIS

IIS is short for Internet Information Services, a basic Internet service provided by Microsoft that runs on Microsoft Windows. It was originally an optional package for Windows NT and was later shipped built in with Windows 2000, Windows XP Professional and Windows Server 2003; Windows XP Home does not include IIS. IIS is a set of web service components, including a Web server, FTP server, NNTP server and SMTP server, used for web browsing, file transfer, news services and mail delivery respectively. It makes publishing information on a network (including the Internet and LANs) very easy.

The security vulnerabilities of IIS have long been criticized by the industry, and a remote code execution vulnerability in IIS is very serious once it appears. A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys); it is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the System account, and can cause the IIS server machine to blue-screen or read confidential data in its memory.

(B) PUT Vulnerability

  1. Vulnerability introduction and cause

    When WebDAV is enabled under Web Service Extensions on the IIS server and write permission is configured, arbitrary files can be uploaded.

    Version: IIS 6.0

  2. Reproducing the vulnerability

    1) Enable WebDAV and write permission

    2) Test with Burp

    Capture the request and change the GET method to OPTIONS

    3) Test with a tool

    The upload succeeds; then upload a one-line webshell and connect with China Chopper (Caidao) to get a shell

 

 

  3. Fix

    Disable WebDAV and write permission
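
To check whether uploads already happened before the fix, and to confirm that writes are refused afterwards, the IIS W3C logs can be searched for write requests that the server accepted. The following is an added example, not part of the original post: the log lines are constructed, the column order is read from the log's own `#Fields:` directive, and the method list goes beyond PUT to the other WebDAV write methods.

```python
"""Flag successful WebDAV write requests in IIS W3C extended logs."""

# Methods that change content on the server. PUT is the one discussed above;
# the other WebDAV write methods are included as a generalization.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "DELETE", "MKCOL", "PROPPATCH"}

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2019-12-25 08:01:10 192.0.2.10 GET /index.asp - 80 - 198.51.100.7 Mozilla/4.0 200 0 0
2019-12-25 08:02:03 192.0.2.10 OPTIONS / - 80 - 198.51.100.7 - 200 0 0
2019-12-25 08:02:41 192.0.2.10 PUT /test.txt - 80 - 198.51.100.7 - 201 0 0
2019-12-25 08:05:12 192.0.2.10 PUT /notes.txt - 80 - 203.0.113.9 - 403 1 5
"""


def find_webdav_writes(log_text):
    """Return one dict per write request that the server accepted (2xx)."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The directive defines the column order for the lines that follow.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        method = row.get("cs-method", "").upper()
        status = row.get("sc-status", "")
        if method in WRITE_METHODS and status.startswith("2"):
            hits.append({"when": row.get("date", "") + " " + row.get("time", ""),
                         "client": row.get("c-ip", ""), "method": method,
                         "uri": row.get("cs-uri-stem", ""), "status": status})
    return hits


if __name__ == "__main__":
    for hit in find_webdav_writes(SAMPLE_LOG):
        print(hit)
```

After WebDAV and write permission are disabled, new write attempts should appear only with non-2xx status codes and therefore produce no hits.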

Origin www.cnblogs.com/ssw6/p/12095538.html