Misconfiguration and a clear case of rtfm;)

SecureIIS has been able to change its error files since day 1.

Either do a hard change of the html file, or use gui to point to a
file/web.

Best regards

/Patrick

Patrick Ohlson
Frontosa Dynamic Partner AB

Tel +46 (0) 155 21 10 55
Fax +46 (0) 155 21 20 77

E-mail: patrickfrontosa.se
http://www.frontosa.se

Si vis pacem, para bellum

-----Ursprungligt meddelande-----
Från: Sacha Faust [mailto:sachaseverus.org]
Skickat: den 23 januari 2002 23:09
Till: webappsecsecurityfocus.com
Ämne: Detecting if SecureIIS from Eeye is installed

I taught this might interest this list also. See below

» -----Original Message-----
» From: Sacha Faust [mailto:sachaseverus.org]
» Sent: terça-feira, 22 de Janeiro de 2002 3:10
» To: pen-testsecurityfocus.com
» Subject: Detecting if SecureIIS from Eeye is installed
»
»
» This is not something big and I don't consider it a bug but
» it's something that migh be usefull when trying to brake an
» IIS server. I don't have a copy of the software so I don't
» know if this is cause by misconfiguration or something else. » While
debugging after someone mentionned a problem with an » early version of
Metis 1.1, I saw that you can detect the » presence of the SecureIIS
product from Eeye by issuing an » HEAD request on any files or folder
and looking at the return » data. The SecureIIS will return HTTP error
code 406 (Not Acceptable), » Content-Length: 1176 and Content-Type:
text/html. It will » also announce itself in the reply message. Here is
an example » » E:\Metis>nc -v www.site.com 80 » www.site.com
[111.111.111.111] 80 (http) open » HEAD / » » HTTP/1.1 406 » Server:
Microsoft-IIS/4.0 » Date: Tue, 22 Jan 2002 02:23:42 GMT » Content-Type:
text/html » Content-Length: 1176 » » <HTML> » <BODY text=#000000
vLink=#ff9900 link=#ff9900 » bgColor=#ffffff> <TABLE cellSpacing=5
cellPadding=3 width=400>
» <TBODY>
» <TR>
» <TD vAlign=center align=left width=400><FONT
» face=Verdana,Arial,Helvetica
» size=2><FONT size=3><B>SecureIIS application firewall security
» alert</B></FONT><BR><BR><BR>HTTP Request caused a
» security alert, please
» contact our web master if you are getting this alert in
» error.<BR><BR>
» <HR>
» <BR><B>What is SecureIIS</B><BR>SecureIIS offers websites
» running Microsoft Internet Information Server a broad
» range of protection
»
» from common vulnerabilities, both known and unknown.
» Because SecureIIS
» does not protect against specific vulnerabilities, but
» classes of
» vulnerabilities, it allows for a much more far reaching
» layer of security.
»
» <BR><BR>
» <HR>
» <BR>For more information on SecureIIS, please visit <A
»
» href="http://www.eeye.com/SecureIIS/">http://www.eeye.com/Secu
» reIIS/</A><B
» R><BR><B><FONT
» color=#ff7000>eEye</FONT>Ö Digital Security</B> -
» <I>Vulnerability Is
» Over...</I></FONT></TD></TR></TBODY></TABLE></BODY></HTML>
»
»
»
»
» ---------
» Sacha Faust
» sachaseverus.org
» Metis : http://www.ideahamster.org/tid.htm

-------
Sacha Faust
sachaseverus.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]