史萊姆論壇 - 查看單個文章

psac · 2004-08-13, 09:07 PM

受影響的版本：

　　Windows Server 2003 (Internet Explorer 6.0)

　　漏洞觀察：

　　Windows Server 2003的這個漏洞會致使遠端攻擊者篡改註冊表"Shell Folders"目錄，從而無需任何登入認證，輕易獲得系統檔案夾中%USERPROFILE%文件的訪問權。

　　ex.) %USERPROFILE% = "C:\Documents and Settings\%USERNAME%"

　　詳細資料：

　　遠端攻擊者篡改Windows Server 2003系統註冊表中的"Shell Folders"目錄，通過"shell:[Shell Folders]\..\" 將本機文件與惡意程序連接。

　　[Shell Folders]

　　HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

　　 AppData: "C:\Documents and Settings\%USERNAME%\Application Data"

　　 Cookies: "C:\Documents and Settings\%USERNAME%\Cookies"

　　 Desktop: "C:\Documents and Settings\%USERNAME%\Desktop"

　　 Favorites: "C:\Documents and Settings\%USERNAME%\Favorites"

　　 NetHood: "C:\Documents and Settings\%USERNAME%\NetHood"

　　 Personal: "C:\Documents and Settings\%USERNAME%\My Documents"

　　 PrintHood: "C:\Documents and Settings\%USERNAME%\PrintHood"

　　 Recent: "C:\Documents and Settings\%USERNAME%\Recent"

　　 SendTo: "C:\Documents and Settings\%USERNAME%\SendTo"

　　 Start Menu: "C:\Documents and Settings\%USERNAME%\Start Menu"

　　 Templates: "C:\Documents and Settings\%USERNAME%\Templates"

　　 Programs: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs"

　　 Startup: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup"

　　 Local Settings: "C:\Documents and Settings\%USERNAME%\Local Settings"

　　 Local AppData: "C:\Documents and Settings\%USERNAME%\Local Settings\Application Data"

　　快取: "C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files"

　　 History: "C:\Documents and Settings\%USERNAME%\Local Settings\History"

　　 My Pictures: "C:\Documents and Settings\%USERNAME%\My Documents\My Pictures"

　　 Fonts: "C:\WINDOWS\Fonts"

　　 My Music: "C:\Documents and Settings\%USERNAME%\My Documents\My Music"

　　 My Video: "C:\Documents and Settings\%USERNAME%\My Documents\My Videos"

　　 CD Burning: "C:\Documents and Settings\%USERNAME%\Local Settings\Application

　　Data\Microsoft\CD Burning"

　　Administrative Tools: "C:\Documents and Settings\%USERNAME%\Start

　　Menu\Programs\Administrative Tools"

　　惡意程式碼示例：

　　**************************************************

　　This exploit reads %TEMP%\exploit.html.

　　You need to create it.

　　And click on the malicious link.

　　**************************************************

　　Malicious link:

　　<a href="shell:cache\..\..\Local Settings\Temp\exploit.html">Exploit</a>

　　微軟舉措：

　　微軟已於6月9日發佈了此漏洞公告，計劃於下一個版本的windows修正檔中增加此漏洞的修補程式。

2004-08-13, 09:07 PM	#1
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	看好註冊表微軟Server2003潛伏重大安全缺陷受影響的版本：　　Windows Server 2003 (Internet Explorer 6.0) 　　漏洞觀察：　　Windows Server 2003的這個漏洞會致使遠端攻擊者篡改註冊表"Shell Folders"目錄，從而無需任何登入認證，輕易獲得系統檔案夾中%USERPROFILE%文件的訪問權。　　ex.) %USERPROFILE% = "C:\Documents and Settings\%USERNAME%" 　　詳細資料：　　遠端攻擊者篡改Windows Server 2003系統註冊表中的"Shell Folders"目錄，通過"shell:[Shell Folders]\..\" 將本機文件與惡意程序連接。　　[Shell Folders] 　　HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders 　　 AppData: "C:\Documents and Settings\%USERNAME%\Application Data" 　　 Cookies: "C:\Documents and Settings\%USERNAME%\Cookies" 　　 Desktop: "C:\Documents and Settings\%USERNAME%\Desktop" 　　 Favorites: "C:\Documents and Settings\%USERNAME%\Favorites" 　　 NetHood: "C:\Documents and Settings\%USERNAME%\NetHood" 　　 Personal: "C:\Documents and Settings\%USERNAME%\My Documents" 　　 PrintHood: "C:\Documents and Settings\%USERNAME%\PrintHood" 　　 Recent: "C:\Documents and Settings\%USERNAME%\Recent" 　　 SendTo: "C:\Documents and Settings\%USERNAME%\SendTo" 　　 Start Menu: "C:\Documents and Settings\%USERNAME%\Start Menu" 　　 Templates: "C:\Documents and Settings\%USERNAME%\Templates" 　　 Programs: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs" 　　 Startup: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup" 　　 Local Settings: "C:\Documents and Settings\%USERNAME%\Local Settings" 　　 Local AppData: "C:\Documents and Settings\%USERNAME%\Local Settings\Application Data" 　　快取: "C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files" 　　 History: "C:\Documents and Settings\%USERNAME%\Local Settings\History" 　　 My Pictures: "C:\Documents and Settings\%USERNAME%\My Documents\My Pictures" 　　 Fonts: "C:\WINDOWS\Fonts" 　　 My Music: "C:\Documents and Settings\%USERNAME%\My Documents\My Music" 　　 My Video: "C:\Documents and Settings\%USERNAME%\My Documents\My Videos" 　　 CD Burning: "C:\Documents and Settings\%USERNAME%\Local Settings\Application 　　Data\Microsoft\CD Burning" 　　Administrative Tools: "C:\Documents and Settings\%USERNAME%\Start 　　Menu\Programs\Administrative Tools" 　　惡意程式碼示例：　　************************************************ 　　This exploit reads %TEMP%\exploit.html. 　　You need to create it. 　　And click on the malicious link. 　　************************************************ 　　Malicious link: 　　<a href="shell:cache\..\..\Local Settings\Temp\exploit.html">Exploit</a> 　　微軟舉措：　　微軟已於6月9日發佈了此漏洞公告，計劃於下一個版本的windows修正檔中增加此漏洞的修補程式。

	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次