Bugtraq mailing list archives

Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0

From: chris.paget () ANALYSYS COM (Chris Paget)
Date: Fri, 17 Mar 2000 09:29:05 +0000


At 09:32 09/03/2000 -0600, you wrote:

BugTraq,

  I was recently auditing the security on one of my web servers when I came
across a new Extension Enumerate Root Web Server Directory Vulnerability for
IIS 4.0. Going to the main website and asking for anything.idq I get the
page cannot be found. But if the files for the web server reside on a share
the full network path is found.

The Exploit:

On the shared network drive, http://server/anything.idq

The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
IDA and HTX files cannot be placed on a network share.


Confirmed in IIS 5 as well - Windows 2000 professional (build 2195), IIS 5.
 Same eror message.

Chris


--
Chris Paget
Software Engineer, Analysys LTD.

chris.paget () analysys com

Current thread:

Re: a few bugs ..., (continued)
- - - Re: a few bugs ... Coke (Mar 20)
    - Re: a few bugs ... Daniel Jacobowitz (Mar 20)
    - Re: a few bugs ... Michal Zalewski (Mar 20)
    - DoS with NAVIEG PAUL VanDyke (Mar 17)
    - [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
    - Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)
    - ICQ remote DoS Philip Stoev (Mar 10)
  - TESO advisory -- atsadc krahmer () CS UNI-POTSDAM DE (Mar 11)
  - Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor Brian Knotts (Mar 13)
- Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Jason Lutz (Mar 09)
  - Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Chris Paget (Mar 17)
  - SQL Server Vulnerability details Chip Andrews (Mar 18)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)
  - Re: PGP Signatures security BUG! Will Price (Mar 20)
  - Esafe Protect Gateway (CVP) does not scan virus under some conditions Hugo.van.der.Kooij () CAIW NL (Mar 21)
    - Re: Esafe Protect Gateway (CVP) does not scan virus under some conditions Alon Rotem (Mar 24)
  - Security bug in Apache project: Jakarta Tomcat Jan Madsen (Mar 21)
  - [TL-Security-Announce] nmh-1.0.2 and earlier TLSA200008-1 Katie Moussouris (Mar 21)
- New Solaris Vulnerability Calculator, Sun Mailing list, and Sun Focus area from SecurityFocus.com Jeremy Rauch (Mar 13)
- Re: PGP Signatures security BUG! Tobias Haustein (Mar 08)
  - Re: PGP Signatures security BUG! Povl H. Pedersen (Mar 09)

(Thread continues...)