Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Help needed for Repost.asp on iis4
From: NO ROOT (k---kCARAMAIL.COM)
Date: Fri Sep 22 2000 - 04:56:48 CDT
- Next message: Crispin Cowan: "Re: CGI scripts in sh"
- Previous message: Backup: "IE autosearch"
- Next in thread: spi: "Re: Help needed for Repost.asp on iis4"
- Reply: spi: "Re: Help needed for Repost.asp on iis4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I saw with CIS that my webserver was Vulnerable to :
CIS said :
Microsoft's Site Server 2.0 is installed. This allows users
to upload files to the /users directory. Even if it doesn't
exist any valid user can create the diectory via the web
and the default NTFS permissions given to this directory
give the Everybody Group the "Change" permission - which
allows anybody to create, modify or delete files in that
directory. Added to this IIS gives the "Write" permission
allowing users to use the HTTP PUT REQUEST_METHOD to place
content on the web site via the HTTP protocol. Because of
the defaults, if anonymous access is granted to the site
anybody can do this. Ensure that, if the directory exists
the Anonymous Internet Account is given only read access to
this directory. Remove change permissions for the Everybody
Group and assign permissions per user.
Can someone give me the script that exploit this
Cause i don't know very well HTML coding.
Boîte aux lettres - Caramail - http://www.caramail.com