first say the solution:
Download Silvermoon server tool, use the tool-> component downloader to download ISAPI_Rewrite, extract it.
Add ISAPI_Rewrite.dll in ISAPI_Rewrite to ISAPI, the name is ISAPI_Rewrite, this is pseudo-static, you have not installed it
Download the vulnerability patch package, which is the item selected in the figure below, and download it!
Replace httpd.ini in the ISAPI_Rewrite directory with httpd.ini in the patch package.
Or to ensure that the httpd.ini under ISAPI_Rewrite has the following two rules for the selection of the following figure! This will prevent these two IIS vulnerabilities. It is necessary to make these two rules effective. The httpd.ini under the ISAPI_Rewrite directory is a global configuration file that will be applied to all websites, which will protect all websites from vulnerabilities.
Let’s talk about this vulnerability (below), as long as a file has (.asp) followed by a semicolon (;) followed by a random character plus an extension. Such as (cao.asp; ca.jpg) this file Windows will be used as a jpg image file, but this file will be run as asp in IIS, (cao.asp; ca.jpg) This file IIS will be recognized as (cao. Asp), after the semicolon, things are ignored - -. So the file name (cao.asp;.jpg) is also OK!
There is a picture in the patch package, put the law below each site, if anyone uses this vulnerability! Will see this picture!
Principle: In Windows, to search for multiple files is divided by a semicolon (;), if the file itself has a semicolon? - -. Haha system can not search for such files! The following picture shows that this file h.asp;kk.jpg will be searched as two files h.asp and kk.jpg in Windows search. This is a misdesign of Windows. It should be said that it should not be allowed. The semicolon (;) is the file name!
But you need to know that cdx, cer, etc. are all asp mappings! So aaa.cdx; kk.jpg will be run as asp! If these maps are not deleted, they will be used. With the above methods, these will become safe!
The following figure is an ASP directory vulnerability, as long as the directory name is xxxx.asp, all files under the directory will be run as asp files. This is the asp directory vulnerability
Silver Moon Remote, Silvermoon Network, Silvermoon Server Tools Tool.
When the Windows 2003 server is installed on the server and the firewall is ready
WebDA-based (Web-based Distributed Authoring and Versioning) A communication proto
This article takes Serv-U6.4 as an example. Setting method: Double-click to open S
server perfect settings, support asp php cgi jsp asp.net mysql! First download the program we want
Talking about the load balancing service of IDC engine room!
Linux server cluster system implementation solution detailed analysis
Three ways to disable the FileSystemObject component
JSP and IIS the best solution for Case Analysis
Windows Virtual Server Backup Two Methods
Government agencies server software full Raiders operating system articles
Server leases five major fraud methods and top ten identification skills
The performance library for the "TermService" service in the event log
How to change the OHS port to 80
Teach you to eliminate the drawbacks of virtualization on data centers
What is the CDN and its type characteristics
What is the difference between a server and a PC on the hard disk?
Win10 system can not open the software prompt file lost how to solve
Operation and maintenance experience sharing: server cost optimization strategy
Win7 system game can not play the prompt "do not find d3d11.dll" What should I do?
Win10 system recovery start screen operation method
The difference between URL forwarding "hidden" and "not hidden"
Win7 system IE11 shield update prompt to keep IE8/9/10 method
Win7 system open file prompt "references an unavailable location" solution
Extreme speed power reduces cumbersome system operation
WinXP system printer shows Spoolsv.exe application error solution
Samsung will open source Bada system next year to reduce dependence on Android