[14261] in bugtraq


Enumerate Root Web Server Directory Vulnerability for IIS 4.0

daemon@ATHENA.MIT.EDU (Jason Lutz)
Sat Mar 11 23:59:57 2000

Message-Id:  <007201bf89dc$a18dd2e0$056fee3f@spis.net>
Date:         Thu, 9 Mar 2000 09:32:07 -0600
Reply-To: Jason Lutz <jason@SPIS.NET>
From: Jason Lutz <jason@SPIS.NET>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

BugTraq,

   I was recently auditing the security on one of my web servers when I came
across a new Extension Enumerate Root Web Server Directory Vulnerability for
IIS 4.0. Going to the main website and asking for anything.idq, I get "the
page cannot be found". But if the files for the web server reside on a share,
the full network path is found.

The Exploit:

On the shared network drive, http://server/anything.idq

The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
IDA and HTX files cannot be placed on a network share.

Tested on Windows NT 4.0 Service Pack 5 and 6a

I would like to say thank you to rain.forest.puppy. for all of his help.

props out to ADM, Wiretrip, w00w00 and l0pht.

Jason Lutz
Sprint Print Inc
jason@spis.net
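
An added example, not part of the original post: a Python check a defender could run over stored HTTP response bodies to find and redact the error text quoted above, which carries the internal UNC path. The sample responses are constructed, and the names `find_unc_leaks`, `redact` and `scan` are hypothetical.

```python
import re

def _flex(phrase):
    # Match the phrase with any whitespace (spaces, line wraps) between words.
    return r"\s+".join(re.escape(word) for word in phrase.split())

# Error text as quoted in the post; the UNC path between the two halves is the leak.
LEAK_RE = re.compile(
    _flex("The file")
    + r"\s+(?P<unc>\\\\[^\s\\]+(?:\\[^\s\\]+)+)\s+"
    + _flex("is on a network share. IDQ, IDA and HTX files "
            "cannot be placed on a network share."),
    re.IGNORECASE,
)

def find_unc_leaks(body):
    """Return one finding per disclosed UNC path in a response body."""
    findings = []
    for m in LEAK_RE.finditer(body):
        unc = m.group("unc")
        # \\host\share\... -> first two components after the leading slashes
        host, share = unc[2:].split("\\")[:2]
        findings.append({"unc": unc, "host": host, "share": share})
    return findings

def redact(body, placeholder="[path removed]"):
    """Return the body with each disclosed UNC path replaced by a placeholder."""
    return LEAK_RE.sub(
        lambda m: m.group(0).replace(m.group("unc"), placeholder), body)

def scan(responses):
    """Map each URL whose body discloses a path to its findings."""
    hits = {url: find_unc_leaks(body) for url, body in responses.items()}
    return {url: found for url, found in hits.items() if found}

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "/anything.idq": r"""<html><body>The file \\share\wwwroot\inetpub\webpage\*.idq
is on a network share. IDQ, IDA and HTX files cannot be placed on a
network share.</body></html>""",
    "/missing.htm": "<html><body>The page cannot be found</body></html>",
}

if __name__ == "__main__":
    for url, found in scan(SAMPLES).items():
        print(url, found)
        print(redact(SAMPLES[url]))
```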
