Office2K对IIS的意外影响(下)

hyzqb

<iframe align="top" marginwidth="0" marginheight="0" src="http://www.zealware.com/csdnblog01.html" frameborder="0" width="728" scrolling="no" height="90"></iframe>Office2K对IIS的意外影响(下)<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

Article last modified on 2002-9-10

The information in this article applies to: ü Microsoft IIS 5.0 ü Microsoft FrontPage ü Microsoft Outlook Web Access ü Microsoft Exchange 2000

【具体流程】：
下面我们结合网络监视器捕获的包，来讲解一下具体流程。
蓝色的字体代表捕获的包体，这里只是部分包内容。
红色的字体代表需要重视的包内容。
绿色的字体代表我的注释。
从第594个包到第625个包的解释(弹出对话框情况下的)：
OPTIONS /XY/XYZUV/XYZUVW.dll/迁移方案.doc?ClassName=XY_ZUVWABCDEF.GHIJKM&sessio=nmA3F0F1-B122-4814-AD29-0B4B6F686B40&Validate=YES&URL=http://xyzuvwabcde/exchange/zhengyun/%E6%94%B6%E4%BB%B6%E7%AE%B1/%E8%BF%81%E7%A7%BB%E6%96%B9%E6%A1%88.doc-2.EML HTTP/1.1
User-Agent: Microsoft Data Access Internet Publishing Provider Cache Manager
Host: xyserver
Content-Length: 0
Connection: Keep-Alive
第一步，客户端的Explorer发送给服务器一个OPTIONS /HTTP/1.1的请求，请注意它的User-Agent已经改变了。
….. HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" /><date year="2002" day="10" month="9"><span lang="EN-US" style="COLOR: blue; FONT-FAMILY: Arial">Tue, 10 Sep 2002</span></date> <time minute="46" hour="4"><span lang="EN-US" style="COLOR: blue; FONT-FAMILY: Arial">04:46:35 GMT</span></time>
Set-Cookie: sessionid=b198d31e-08d1-409e-8b1c-6b484f024bbb,0x804; path=/exchange/zhengyun
Content-Type: text/html
Content-Length: 796
ETag: "b9cdb478f9b2a343a2f0b41c6df4e7b300000033dec1"
Accept-Ranges: bytes
MS-WebStorage: 6.0.4712
Cache-Control: no-cache
…
这是第二步：
…..POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1
Date: <date year="2002" day="10" month="9"><span lang="EN-US" style="COLOR: blue; FONT-FAMILY: Arial">Tue, 10 Sep 2002</span></date> <time minute="46" hour="4"><span lang="EN-US" style="COLOR: blue; FONT-FAMILY: Arial">04:46:35 GMT</span></time>
MIME-Version: 1.0
User-Agent: MSFrontPage/4.0
Host: xyserver
Accept: auth/sicily
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
X-Vermeer-Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cache-Control: no-cache
上面的请求的含义：客户端好像认定了authoring binaries的位置，直接发送一个POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1到服务器。Shtml.dll是browse binary，权限是everyone。POST的数据是下面的这个method=url+to+web+url%3a….：
method=url+to+web+url%3a4%2e0%000%2e4715&url=%2fum%2fisapi%2fComBox%2edll%2f%e8%bf%81%e7%a7%bb%e6%96%11%e1%a1%88%2edoc&flags=0 HTTP/1.1 100 Continue

….
然后，服务器返回这么一个HTML：
vermeer RPC packet

method=url to web url:4.0.2.4715
　　webUrl=/

　　fileUrl=um/isapi/ComBox.dll/ooooooÓoo案.doc