[10949] in bugtraq


Re: Fwd: Information on MS99-022

daemon@ATHENA.MIT.EDU (Aleph One)
Mon Jul 5 16:21:30 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990705132045.E6219@underground.org>
Date: 	Mon, 5 Jul 1999 13:20:45 -0700
Reply-To: Aleph One <aleph1@UNDERGROUND.ORG>
From: Aleph One <aleph1@UNDERGROUND.ORG>
To: BUGTRAQ@NETSPACE.ORG

I am killing this thread. This is degenerating into the old Full Disclosure
debate. To answer Darren, yes there is a public vulnerability database.
Check out the one at Security Focus (http://www.securityfocus.com/).

Finally, we have received via an anonymous source the details of
the vulnerability. From the SF vulnerability database:

This vulnerability could allow a web site viewer to obtain the source
code for .asp and similar files if the server's default language
(Input Locale) is set to Chinese, Japanese or Korean. How this
works is as follows:

IIS checks the extension of the requested file to see if it needs to do
any processing before delivering the information. If the requested extension
is not on its list, it then makes any language-based calculations, and
delivers the file. If a single byte is appended to the end of the
URL when IIS is set to use one of the double-byte language packs
(Chinese, Japanese, or Korean) the language module will strip it as invalid,
then look for the file. Since the new URL now points to a valid filename, and
IIS has already determined that this transaction requires no processing,
the file is simply delivered as is, exposing the source code.

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
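
The ordering flaw described in the message above (extension check first, language-based normalization second), as an added example that is not part of the original post and is not IIS code. It is a simplified Python model: the document root, handler list, function names and the rule that any trailing non-ASCII byte counts as "invalid" are all assumptions, since the advisory does not say which bytes the language module strips.

```python
import posixpath

# Constructed model data: extensions mapped to a script handler, and one file.
SCRIPT_EXTENSIONS = {".asp", ".asa"}
DOCROOT = {"/default.asp": b'<% conn = "constructed-secret" %>Hello'}
RENDERED = b"[rendered output]"

# Constructed sample request: a valid script path plus one extra trailing byte.
SAMPLE_REQUEST = b"/default.asp\x80"


def strip_invalid_trailing_byte(raw: bytes) -> bytes:
    """Stand-in for the language module: drop one trailing byte it rejects.
    Assumption for this model only: any trailing byte >= 0x80 is 'invalid'."""
    return raw[:-1] if raw and raw[-1] >= 0x80 else raw


def needs_script_handler(path: bytes) -> bool:
    """Decide from the extension whether the file must be processed."""
    ext = posixpath.splitext(path.decode("latin-1"))[1].lower()
    return ext in SCRIPT_EXTENSIONS


def deliver(path: bytes, scripted: bool):
    """Look the file up and either run it or return it as is."""
    body = DOCROOT.get(path.decode("latin-1"))
    if body is None:
        return 404, b""
    return 200, (RENDERED if scripted else body)


def serve_check_then_normalize(raw_url: bytes):
    """Flawed order: the handler decision uses the raw bytes,
    the file lookup uses the normalized bytes."""
    scripted = needs_script_handler(raw_url)
    return deliver(strip_invalid_trailing_byte(raw_url), scripted)


def serve_normalize_then_check(raw_url: bytes):
    """Corrected order: normalize once, then make both the handler
    decision and the file lookup on the same canonical bytes."""
    canonical = strip_invalid_trailing_byte(raw_url)
    return deliver(canonical, needs_script_handler(canonical))


if __name__ == "__main__":
    print("check-then-normalize:", serve_check_then_normalize(SAMPLE_REQUEST))
    print("normalize-then-check:", serve_normalize_then_check(SAMPLE_REQUEST))
```

In the flawed order the sample request is classified as "no processing needed" and then resolves to the script file, so its source is returned; in the corrected order the same request is rendered like any other request for that file.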
