|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Enumerate Root Web Server Directory Vulnerability for IIS 4.0
From: Jason Lutz (jason
SPIS.NET)Date: Thu Mar 09 2000 - 09:32:07 CST
- Next message: Jeremy Rauch: "New Solaris Vulnerability Calculator, Sun Mailing list, and Sun Focus area from SecurityFocus.com"
- Previous message: Florian Weimer: "Re: PGP Signatures security BUG!"
- Next in thread: Ollie Whitehouse: "Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Reply: Ollie Whitehouse: "Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Reply: Ollie Whitehouse: "FW: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Reply: Chris Paget: "Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
BugTraq,
I was recently auditing the security on one of my web servers when I came
across a new Extension Enumerate Root Web Server Directory Vulnerability for
IIS 4.0. Going to the main website and asking for anything.idq I get the
page cannot be found. But if the files for the web server reside on a share
the full network path is found.
The Exploit:
On the shared network drive, http://server/anything.idq
The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
IDA and HTX files cannot be placed on a network share.
Tested on Windows NT 4.0 Service Pack 5 and 6a
I would like to say thank you to rain.forest.puppy. for all of his help.
props out to ADM, Wiretrip, w00w00 and l0pht.
Jason Lutz
Sprint Print Inc
jasonspis.net
- Next message: Jeremy Rauch: "New Solaris Vulnerability Calculator, Sun Mailing list, and Sun Focus area from SecurityFocus.com"
- Previous message: Florian Weimer: "Re: PGP Signatures security BUG!"
- Next in thread: Ollie Whitehouse: "Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Reply: Ollie Whitehouse: "Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Reply: Ollie Whitehouse: "FW: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Reply: Chris Paget: "Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]