c***c 发帖数: 21374 | 1 随便google上面搜索了一下,找到一个老的
14、NT Index Server存在返回上级目录的漏洞
问题描述
受影响的版本:Microsoft Index Server2.0 [WinNT4.0,WinNT 2000.0]
Index Sserver2.0是WinNT4.0 Option Pack中附带的一个软件的工具,其中的功能已
经被WinNT 2000中的Indexing Services所包含。当与IIS结合使用时,Index Server和Ind
exing Services便可以在最初的环境来浏览Web Search的结果,它将生成一个HTML文件,其
中包含了查找后所返回页面内容的简短引用,并将其连接至所返回的页面[即符合查询内容
的页面],也就是超级连接。要做到这一点,它便需要支持由webhits.dll ISAPI程序处理的
.htw文件类型。这个dll允许在一个模版中使用"../"用做返回上级目录的字符串.这样,了
解服务器文件结构的攻击者便可以远程的阅读该机器上的任意文件了。
漏洞的利用:
1)您的系统中存在.htw文件
Index Server |
|
a*****w 发帖数: 33 | 2 The thing is that I CAN move this files (although I
cannot open this files and can not see the chinese
name of those files)in English WINNT4.0 or English WIN2000,
but I really dont understand why I cannot move those files
under English WIN98. Although I am using NJStar 2.1 in
all cases...
PS1: Files are all on CD-ROM, so I cannot rename them (i
don't
have CD-RW).
PS2: Before I start NJStar in ENglish WINNT4.0 or English
WIN2000, I cannot move those chinese-named files, but after
I start NJStar, |
|
f***t 发帖数: 39 | 3 听说来了一灌水加CS高手, 先给来个下马威! :)
【 以下文字转载自 Linux 讨论区 】
【 原文由 float 所发表 】
我在Vmware下运行的是raw disk的WinNT4.0, 其它硬件设备都能正常
工作, 包括声卡, 显卡, 光驱, 软盘等. 但网络一直不能运行起来,
不论是host-only, 还是bridged.
请问各位大侠, vmware网络应该如何设置? |
|
G*******n 发帖数: 6889 | 4 AppleScript improvements alone makes it a worthy upgrade, but, since you
probably never used AppleScript anyway, I won't bother boasting how useful
AS is. I personally use AS to automate our WebServer's maintenance at
midnight unattended.
Faster networking code in Open Transport makes Mac rival the speed of WinNT4.
With Mac, one doesn't have to reboot when switching network settings, which
has been in the OS since OT 1.1.1. Windows still requires a reboot whenever
you change anything in the netw |
|
f**n 发帖数: 401 | 5 我在winnt4.0上面运行iis,网页设定为www.mysite.com/abc,对影的服务器上面的
文件夹是c:\abc
现在在ie里面打www.mysite.com/abc就会出现如下错误:
"HTTP/1.0 403 Access Forbidden", 但是如果打www.mysite.com/abc/index.html就
可以访问。
我检查了iis的设置,发现iis里面的缺省网页项是index.html,设定好的没有问题。
在server上检查,c:\abc的web服务也是running的。
但是无论怎么调,这个问题总是不能解决。有时候重起机器,错误就消失了,
但是有时候就是不行。
请问大虾,你们碰到这个问题怎么解决的?IIS里面还有什么和这个error相关的配置啊?
Thanks a lot! |
|
r****y 发帖数: 26819 | 6 这是server本身的bug问题,与你在自己的网页链接里使用相对链接呢,还是使用绝对链
接呢,是两个完全不同的问题。
换句话说,如果server是Microsoft Index
Server2.0,就可能存在被人利用webhits.dll加上相对路径来获取系统信息,就算你在自
己的网页里不使用相对链接,也是一样的。
就是说,那是一个server系统自身的bug。而且仅仅针对webhits.dll这个文件的使用参数
而言。并不是说因为这个原因的存在,所有Microsoft Index
Server2.0上的网页使用../都会引起安全隐患,而这些网页不使用../也不说明就没有这
个系统隐患了。用户自己在URL敲入webhits.dll加上../等参数一样可以窥视系统。和你
使用什么链接方式无关。
如果系统因为这个把../给禁掉了,那是另一回事。DW里有路径的自动update功能,所以
也还是可以用两个site,到时候update一下路径就可以了。不过你想一下,现在有多少网
站用WinNT4.0,WinNT 2000.0做服务器?就算还是这些操作系统,这个bug想必也修复了吧
?
已
Se |
|
A*****h 发帖数: 55 | 7 Basically, I wish to install a oracle server on my own PC
and try it out. Anyone have done this please recommend a
desirable environment. OS, HD space, etc. I want to make it
able to try as much features of online E-Commerce as
possible. Here are my questions to begin with:
1. I am using win98. Do I need win2k or winnt4? or even
NT Server4.0(backoffice) for oracle8.04. I tried it
before
on win2k, but had some problems: can't install server,
only
client, don't know how to enter the passw |
|
o*b 发帖数: 42 | 8 Oracle DB will occupy about 1G hd. You'd better use winnt4.0,
either workstation or server does not matter. If you want
to use win2k, you need to install Oracle8i(8.1.6) which is
win2k compliant.
Normally Oracle DB client is for remote access to Oracle DB
server. It does not make sense to only install the client
if you do not have a Oracle DB Server installed.
In addition, it is recommended to have at least 128M memory.
On my machine, even it does nothing, Oracle DB service still
uses over 80 |
|
f*****c 发帖数: 22 | 9 Yes, for tpc-c benchmark.
I am just wondering why DB2 can achieve sth like this. It is the most
slowest DBMS server in the world, :-)
Tghe server is win2k cluster, which is one of the most advanced technologies
MS boast of. But for ordinary PC wihtoug >16 cpu, NT is good enough.
For ordinary win2k server, it seems it will consume more memory than
its ancestor-winnt4 workstation. So I do not think it will have a better
performance if you have less than 256M memory, :-)
Actually, I runned TPC-H be |
|
w**d 发帖数: 1476 | 10 Yes, probably you can not install SQL 2000 on Win2000Pro.
I had never tried that, but I can not install sql7 on winnt4 wkstation.
You don't need advanced server, just server should be ok. |
|
j***y 发帖数: 2074 | 11 Hi, all:
Now I want to install Perl DBI support for MySQL.
I first typed "ppm" in the command prompt, and thereafter typed "install DBI"
at the PPM prompt, but got the following response:
Error installing package 'DBI': Could not locate a PPD file for package DBI.
what does the error mean?
anyone has had the same experience?
any solution?
(my OS is WinNT4.0, my perl version is ActivePerl 5.6.1, build 628)
thanks, |
|
z*******3 发帖数: 13709 | 12 看了一下,关于客户端的os是在user agent string里面的
这是一个不完全列表,在想安桌和ios是什么?
// Match user agent string with operating systems
'Windows 3.11' => 'Win16',
'Windows 95' => '(Windows 95)|(Win95)|(Windows_95)',
'Windows 98' => '(Windows 98)|(Win98)',
'Windows 2000' => '(Windows NT 5.0)|(Windows 2000)',
'Windows XP' => '(Windows NT 5.1)|(Windows XP)',
'Windows Server 2003' => '(Windows NT 5.2)',
'Windows Vista' => '(Windows NT 6.0)',
'Windows 7' => '(W... 阅读全帖 |
|
x****u 发帖数: 44466 | 13 Win7的控制面板,不少东西从WinNT4时代就没动过,只是隐藏的越来越巧妙,这玩意不
是捉迷藏是什么。
至于卸载优盘,老年人真不容易找那个小图标。。。
老花 |
|
d******d 发帖数: 1 | 14 if you use winNT4.0, reboot by setup-CD and select repair
it. but you should reinstall other applications. after that,
go to winNT upgrade page(www.msn.com/...) and download the
service package6. install it. Hope it's useful. |
|
h*******s 发帖数: 616 | 15 我现在使用的操作系统是winnt4.0,每次启动时系统自动共享c:和d:,但从其他计算机访
问又看不到它们。这是为什么?如何取消这个缺省设置使它们不自动共享? |
|
s****r 发帖数: 27 | 16 前面没有说清楚,我也没有搞清楚.我是在远端telnet上UNIX,从远端
安装cxterm.客户端是winnt4+Xwinpro.刚开始不知道启动远端的CXterm
时用的字体到底是在服务器端还是客户端的,现在终于搞清楚是用的
客户端的Xserver,并且也配制好了终于可以了!
其实我的最终目的是要在openwin里使用cxterm,但是赫然发现系里
的openwin竟然没有make,\这下一时没招了,只好登陆上学校的UNIX
MAKE,现在还没有想出如何解决这个问题,难不成还非得从系里登陆
到学校用? 在系里的OPENWIN上只家桓鲎痔 |
|
j***y 发帖数: 2074 | 17 i am using exceed under winnt4.0 in lab.
everytime i log into my account, i open a xterm window.
if there is a way to open 4 xterm windows when login, and let them arranged in
order to fill the desktop in exceed?
i try to modify the open-windown.ini file in my directory, but not
successfully.
any suggestions? |
|
l*i 发帖数: 136 | 18 呵呵,我干过同样得事情,开始没留神Richwin2K不能用在NT上。
结果弄得心惊肉跳。差点重装系统。
后来解决得办法是重新安装Richwin97 for Nt workstatiuon.
当然不是那么顺利地就装了,开始怎么都没法输入序列好,字体有问题。
最后是先装NJStar,用NJStar显示中文,然后安装Richwin97,
然后安装IE5.5。 穷折腾了一夜。 |
|
a*****a 发帖数: 15 | 19 要有power user以上的权限才可以做sharing
【 以下文字转载自 Software 讨论区 】
【 原文由 Lcu 所发表 】
OS:WINNT4+SP4
今天想把LAB里一个机器的FOLER SHARING,CLICK 右键后没有SHARING。。。
这个ITEM,这个机器以前什么样子我不知道,反正现在至少不能按常规方法SHARING。。。
请问怎么能把SHARING填加进来呢(不从装系统的情况下)?
(难道必须是SP6才可以?)
3x... |
|