代码: 全选
SMB 运行在445端口上
远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的'Netbios-less'通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
代码: 全选
iiprotect bypass
The remote host seems to be running iisprotect, an IIS add-on to protect the
pages served by this server.
There is a bug in the remote server which may allow an attacker to
obtain access to otherwise protected pages by hex-encoding the URLs.
For instance, the url :
/css/?D=A
is protected (code 30x) but the URL :
/css/%3fD=A
is does not ask for a password (code 200).
Solution : Upgrade to iisprotect 2.2 or contact your vendor for a patch
Risk factor : High
BUGTRAQ_ID : 7661
NESSUS_ID : 11663