[14288] in bugtraq
Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0
daemon@ATHENA.MIT.EDU (Ollie Whitehouse)
Wed Mar 15 00:40:59 2000
Message-Id: <E153A2F0408CD111955000A0C9609C0881455E@exchange.servers.delphis.net>
Date: Mon, 13 Mar 2000 14:30:57 -0000
Reply-To: Ollie Whitehouse <ollie@DELPHISPLC.COM>
From: Ollie Whitehouse <ollie@DELPHISPLC.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
All,
A way to stop these types of attacks when enumeration of a file path on an
IIS box occurs is to replace the errors with non-default error pages.
Rgds
Ollie
<%
Ollie Whitehouse
Delphis Consulting
VOX : +44 (0)207 916 0200 (Switchboard)
FAX : +44 (0)207 916 1590 (Main)
FAX : +44 (0)870 0881837 (FAX - E-Mail)
PGP : http://www.ombs.demon.co.uk/pgp.txt
Tag : Who needs Windows2000 when you have OS/2?
%>
-----Original Message-----
From: Jason Lutz [mailto:jason@SPIS.NET]
Sent: 09 March 2000 15:32
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Enumerate Root Web Server Directory Vulnerability for IIS 4.0
BugTraq,
I was recently auditing the security on one of my web servers when I came
across a new Extension Enumerate Root Web Server Directory Vulnerability for
IIS 4.0. Going to the main website and asking for anything.idq I get the
page cannot be found. But if the files for the web server reside on a share
the full network path is found.
The Exploit:
On the shared network drive, http://server/anything.idq
The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
IDA and HTX files cannot be placed on a network share.
Tested on Windows NT 4.0 Service Pack 5 and 6a
I would like to say thank you to rain.forest.puppy. for all of his help.
Props out to ADM, Wiretrip, w00w00 and l0pht.
Jason Lutz
Sprint Print Inc
jason@spis.net
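
One way to verify the mitigation suggested in the reply, as an added example that is not part of either post: a Python check that scans error-page bodies for UNC or drive-letter paths. The sample bodies are constructed (the first reuses the message text quoted in the original post), and all function and variable names are hypothetical.

```python
import re

# UNC paths (\\host\share\...) and drive-letter paths (C:\dir\...) that should
# never appear in an error page served to a client.
UNC_PATH = re.compile(r"\\\\[A-Za-z0-9._$-]+(?:\\[^\s\\<>\"']+)+")
DRIVE_PATH = re.compile(r"\b[A-Za-z]:(?:\\[^\s\\<>\"']+)+")


def leaked_paths(body: str) -> list[str]:
    """Return every filesystem path found in an HTTP error body."""
    hits = UNC_PATH.findall(body) + DRIVE_PATH.findall(body)
    # Strip trailing sentence punctuation picked up by the match.
    return sorted({h.rstrip(".,;:)") for h in hits})


def audit_error_pages(pages: dict[str, str]) -> dict[str, list[str]]:
    """Map each requested URL path to the paths its error body discloses."""
    return {url: found for url, body in pages.items()
            if (found := leaked_paths(body))}


# Constructed sample bodies. The first reuses the message quoted in the
# original post; the second is a hypothetical custom error page.
SAMPLE_PAGES = {
    "/anything.idq": (
        "<html><body>The file \\\\share\\wwwroot\\inetpub\\webpage\\*.idq "
        "is on a network share. IDQ, IDA and HTX files cannot be placed "
        "on a network share.</body></html>"
    ),
    "/missing.idq": "<html><body>The page cannot be found.</body></html>",
}

if __name__ == "__main__":
    for url, paths in audit_error_pages(SAMPLE_PAGES).items():
        print(f"{url}: error page discloses {paths}")
```

Feeding it the error bodies your own server returns for nonexistent .idq, .ida and .htx requests shows whether the replacement error pages are actually in effect.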