[18477] in bugtraq


Re: IIS 5.0 allows viewing files using %3F+.htr

daemon@ATHENA.MIT.EDU (Leonid Medvedev (home))
Mon Jan 8 19:27:48 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
Message-Id:  <000501c079b4$25669d50$0100007f@localhost.lionchik.home>
Date:         Mon, 8 Jan 2001 23:46:59 +0300
Reply-To: "Leonid Medvedev (home)" <user07@ASK-DESIGN.COM>
From: "Leonid Medvedev (home)" <user07@ASK-DESIGN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3A59D60E.C2B4FB00@guninski.com>

> Georgi Guninski security advisory #33, 2001
[...]
> If you are not patched the following may work (not discovered by me):
> http://TARGETIIS/scripts/test.pl+.htr
> This does not work for some types of .ASP if they contain certain characters.

This also works on my IIS4 - global.asa is exposed fully,
.asp files are exposed until the first entry of "<%" (beginning of a script block).
One possible workaround - use MS Script Encoder.

> ----------------------------------------
> http://TARGETIIS/scripts/test.pl%3F+.htr
> ----------------------------------------

This doesn't work on my IIS4 - it closes the connection without any response.

----------------------------------------
Regards
Leonid Medvedev [mailto:user07@ask-design.com], MCP
Unofficial Russian IELTS Page [http://www2.ask-design.com/ielts]
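
A log check for the request shapes quoted in this message, as an added example that is not part of the original post: it flags requests whose path names a file with its own extension followed by `+.htr`, with or without an encoded `?` in between. The log lines are constructed, and the code assumes W3C extended logs in which the request appears in `cs-uri-stem` and `cs-uri-query`.

```python
import re
from urllib.parse import unquote

# Constructed sample in W3C extended log format (addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-01-08 20:46:59 192.0.2.10 GET /scripts/test.pl+.htr - 200
2001-01-08 20:47:03 192.0.2.10 GET /scripts/test.pl%3F+.htr - 200
2001-01-08 20:47:10 192.0.2.11 GET /global.asa+.htr - 200
2001-01-08 20:48:00 192.0.2.12 GET /pwd/change.htr - 200
2001-01-08 20:48:05 192.0.2.12 GET /default.asp id=1 200
"""

# After decoding: "<name>.<ext>", an optional "?", one or more "+"/spaces, then ".htr" at the end.
HTR_SUFFIX = re.compile(r"/[^/?+ ]+\.[a-z0-9]+\??[+ ]+\.htr$", re.IGNORECASE)

def parse_w3c(text):
    """Yield one dict per log record, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def normalise(stem, query):
    """Rejoin stem and query, then percent-decode twice to catch %3F and %253F."""
    target = stem if query in ("-", "") else stem + "?" + query
    for _ in range(2):
        target = unquote(target)
    return target

def find_htr_probes(text):
    """Return (client ip, logged stem, status) for each request matching the pattern."""
    hits = []
    for rec in parse_w3c(text):
        target = normalise(rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", "-"))
        if HTR_SUFFIX.search(target):
            hits.append((rec["c-ip"], rec["cs-uri-stem"], rec["sc-status"]))
    return hits

if __name__ == "__main__":
    for ip, stem, status in find_htr_probes(SAMPLE_LOG):
        print(ip, stem, status)
```

An ordinary request for a real `.htr` page (the fourth sample line) is not flagged, because nothing separates a prior extension from the `.htr` suffix.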
