Subject: Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0
From: Chris Paget (chris.pagetANALYSYS.COM)
Date: Fri Mar 17 2000 - 03:29:05 CST


At 09:32 09/03/2000 -0600, you wrote:
>BugTraq,
>
> I was recently auditing the security on one of my web servers when I came
>across a new Extension Enumerate Root Web Server Directory Vulnerability for
>IIS 4.0. Going to the main website and asking for anything.idq I get the
>page cannot be found. But if the files for the web server reside on a share
>the full network path is found.
>
>The Exploit:
>
>On the shared network drive, http://server/anything.idq
>
>The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
>IDA and HTX files cannot be placed on a network share.

Confirmed in IIS 5 as well - Windows 2000 Professional (build 2195), IIS 5.
Same error message.

Chris

--
Chris Paget
Software Engineer, Analysys LTD.

chris.pagetanalysys.com