[14322] in bugtraq
FW: Enumerate Root Web Server Directory Vulnerability for IIS 4.0
daemon@ATHENA.MIT.EDU (Ollie Whitehouse)
Fri Mar 17 02:02:47 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <E153A2F0408CD111955000A0C9609C08814575@exchange.servers.delphis.net>
Date: Wed, 15 Mar 2000 09:31:52 -0000
Reply-To: Ollie Whitehouse <ollie@DELPHISPLC.COM>
From: Ollie Whitehouse <ollie@DELPHISPLC.COM>
X-To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
All,
After a poke from rfp I see that I did not look in to the problem enough and
have come up with a solution that hacks-around dll generated errors
(although not advised).
Rgds
Ollie
-----------------
From: Ollie Whitehouse
Sent: 15 March 2000 09:28
To: 'rain forest puppy'
Subject: RE: Enumerate Root Web Server Directory Vulnerability for IIS
4.0
rfp,
Ok my original diagnosis may of been incomplete, a couple solutions to the
problem (although not tidy and should only be used as a temporary messure).
Firstly the IDQ error messages is generated by IDQ.dll not HTTPODBC.dll ;o),
1) The I need IDQ support solution:
I won't give offsets due to the different DLL versions floating around but
if you locate the error message with a hexeditor you see the folllowing:
0002D150 2C00 0000 5468 6520 4944 5120 6669 6C65 ,...The IDQ file
0002D160 2025 3220 636F 756C 6420 6E6F 7420 6265 %2 could not be
Be brutle very brutle and replace the %2 with ??, this should fix nearly all
occurances of Path Enumartion type problem like these you then use a
patching tool to create a patch to patch Microsofts DLLs ;o).... that would
do for now. Obviously the pretty way of doing this is to either to append to
the DLL and provide a new JMP point when the error is called to the new
error message (viri techniques). The solution above is just a quick-n-dirty
fix.
2) I don't need IDQ support
IIS MMC
-> WebSite -> Properties -> Homedirectory -> Configuration
then remove support for all extensions you don't require.
Rgds
Ollie
