
IIS 6 Default ACL Permissions

[ 2006-08-19 13:33:35 | Author: zhenhua ]
NTFS permissions
| Directory | Users\Groups | Permissions |
| --- | --- | --- |
| %windir%\help\iishelp\common | Administrators | Full control |
| %windir%\help\iishelp\common | System | Full control |
| %windir%\help\iishelp\common | IIS_WPG | Read |
| %windir%\help\iishelp\common | Users (See Note 1.) | Read, execute |
| %windir%\IIS Temporary Compressed Files | Administrators | Full control |
| %windir%\IIS Temporary Compressed Files | System | Full control |
| %windir%\IIS Temporary Compressed Files | IIS_WPG | List, read, write |
| %windir%\IIS Temporary Compressed Files | Creator owner | Full control |
...


note

[ 2006-07-25 16:13:51 | Author: zhenhua ]
WScript.Shell:
regsvr32 /u wshom.ocx
regsvr32 /u wshext.dll

Shell.application:
regsvr32 shell32.dll /u /s
cacls %systemroot%\system32\shell32.dll /e /d guests

regedit:
shell.application
wscript.shell

net.exe cacls.exe telnet.exe tftp.exe tftp.exe format.com mountvol.exe mshta.exe

Temp Directory Permissions

[ 2006-04-09 14:26:49 | Author: zhenhua ]
Grant only "Write" and "Read"; no other permissions are allowed.
This includes the directory used for PHP sessions.

AccessEnum

[ 2006-03-14 13:02:59 | Author: zhenhua ]
A handy tool for checking directory permissions on Windows; everything is clear at a glance.

While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for ...


Writing Secure and Efficient Code

[ 2005-11-04 19:23:57 | Author: zhenhua ]
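Summary
  • Use views as little as possible, or not at all
  • Select only the fields you need; do not use select * from ...
  • Do every check on the server side; do not pass data to the page to be checked there
  • Put logic in the back end as much as possible rather than the front end
  • Everything is "object-oriented"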
Bijaya's View

Kill Shell

[ 2004-09-09 01:48:17 | Author: zhenhua ]
Search file types: *.asp / *.htm
Keywords:
桂林老兵
海洋
稻香
冰点
后门
VBScript.Encode
0D43FE01-F093-11CF-8940-00A0C9054228
093FF999-1EA0-4079-9525-9614C3504B74
72C24DD5-D70A-438B-8A42-98424B88AFB8
CreateTextFile
eval(r
Execute request
Execute session
OpenTextFile
WriteLine
5xSoft
Scripting.Dictionary
Request.BinaryRead
DeleteFile
MoveFile
Getfile
=VBS
iframe src
back door
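
The search above, scripted as an added example that is not part of the original post: it walks a directory for *.asp / *.htm files and reports which of the listed keywords each file contains, matching case-insensitively. The function names, the UTF-8/GBK encoding choice and the sample files are assumptions made for this example.

```python
import os
import tempfile

# Keywords copied from the post's list; a hit means "review this file", not proof.
KEYWORDS = [
    "桂林老兵", "海洋", "稻香", "冰点", "后门", "VBScript.Encode",
    "0D43FE01-F093-11CF-8940-00A0C9054228", "093FF999-1EA0-4079-9525-9614C3504B74",
    "72C24DD5-D70A-438B-8A42-98424B88AFB8", "CreateTextFile", "eval(r",
    "Execute request", "Execute session", "OpenTextFile", "WriteLine", "5xSoft",
    "Scripting.Dictionary", "Request.BinaryRead", "DeleteFile", "MoveFile",
    "Getfile", "=VBS", "iframe src", "back door",
]
EXTENSIONS = (".asp", ".htm")  # the post's search types
ENCODINGS = ("utf-8", "gbk")   # assumption: pages are saved as UTF-8 or GBK

def scan_tree(root, keywords=KEYWORDS):
    """Return {relative path: [matched keywords]} for *.asp / *.htm files."""
    # Encode first, then lowercase the bytes, so patterns and file data get the
    # same ASCII-only transform (GBK trail bytes can fall in the A-Z range).
    patterns = {kw: {kw.encode(e).lower() for e in ENCODINGS} for kw in keywords}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read().lower()
            found = [kw for kw, forms in patterns.items()
                     if any(form in data for form in forms)]
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def demo():  # scans a constructed sample tree, not real site content
    samples = {
        "index.htm": b"<html><body>hello</body></html>",
        "old.asp": "<!-- 桂林老兵 -->".encode("gbk"),
        "enc.ASP": b'<%@ language = "vbscript.encode" %>',
        "notes.txt": b"back door",  # wrong extension, must be skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Several of the keywords (WriteLine, Scripting.Dictionary, iframe src) also occur in legitimate pages, so the output is a list of files to review by hand.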