OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: FW: Enumerate Root Web Server Directory Vulnerability for IIS 4.0
From: Ollie Whitehouse (ollieDELPHISPLC.COM)
Date: Wed Mar 15 2000 - 03:31:52 CST

All,

After a poke from rfp I see that I did not look in to the problem enough and
have come up with a solution that hacks-around dll generated errors
(although not advised).

Rgds

Ollie
-----------------
From: Ollie Whitehouse
Sent: 15 March 2000 09:28
To: 'rain forest puppy'
Subject: RE: Enumerate Root Web Server Directory Vulnerability for IIS
4.0

rfp,

Ok my original diagnosis may of been incomplete, a couple solutions to the
problem (although not tidy and should only be used as a temporary messure).
Firstly the IDQ error messages is generated by IDQ.dll not HTTPODBC.dll ;o),

1) The I need IDQ support solution:
I won't give offsets due to the different DLL versions floating around but
if you locate the error message with a hexeditor you see the folllowing:

0002D150 2C00 0000 5468 6520 4944 5120 6669 6C65 ,...The IDQ file
0002D160 2025 3220 636F 756C 6420 6E6F 7420 6265 %2 could not be

Be brutle very brutle and replace the %2 with ??, this should fix nearly all
occurances of Path Enumartion type problem like these you then use a
patching tool to create a patch to patch Microsofts DLLs ;o).... that would
do for now. Obviously the pretty way of doing this is to either to append to
the DLL and provide a new JMP point when the error is called to the new
error message (viri techniques). The solution above is just a quick-n-dirty
fix.

2) I don't need IDQ support
IIS MMC

-> WebSite -> Properties -> Homedirectory -> Configuration

then remove support for all extensions you don't require.

Rgds

Ollie