Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1997: samples from IIS allows creation of any file

samples from IIS allows creation of any file

Aleph One (aleph1DFW.NET)
Thu, 25 Sep 1997 15:20:13 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: root: "samples from IIS allows creation of any file"
Previous message: Aleph One: "CERT Vendor-Initiated Bulletin VB-97.08 - Transarc"

---------- Forwarded message ----------
Date: Thu, 25 Sep 1997 16:15:14 +0300
From: Vytis Fedaravicius <vytixFLOYD.KTU.LT>
To: NTBUGTRAQNTADVICE.COM
Subject: samples from IIS allows creation of any file

Hello,
while playing with default installation of Microsoft IIS,  I have
discovered that tool for data source cration, newdsn.exe allows creation
of *.mdb files with any name at any location. Eg. url
http://vulnerable.site.com/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29er%2B%28*.mdb%29&dsn=Evil+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2Fevil.html&newdb=CREATE_DB&attr=

will create file evil.html in wwwroot directory.
evil.html in fact is a Microsoft Access Database.
I am sure someone nasty can think of a DOS or even breaking in using this.

Software: MS IIS 3.0 default installation  on WinNT 4.0 server
Solution: delete newdsn.exe :)

Microsoft was not informed about that, if someone wants, please feel free
to forward this e-mail.

Vytis Fedaravicius

Next message: root: "samples from IIS allows creation of any file"
Previous message: Aleph One: "CERT Vendor-Initiated Bulletin VB-97.08 - Transarc"