Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IIS 5.0 allows viewing files using %3F+.htr

From: "Leonid Medvedev (home)" <user07 () ASK-DESIGN COM>
Date: Mon, 8 Jan 2001 23:46:59 +0300
Georgi Guninski security advisory #33, 2001

[...]

If you are not patched the following may work (not discovered by me):
http://TARGETIIS/scripts/test.pl+.htr
This does not work for some types of .ASP if they contain certain characters.


This works also at my IIS4 - global.asa exposed fully,
.asp files exposed until the first entry of "<%" (begin of script block)
One of possible workarounds - use MS Script Encoder.


----------------------------------------
http://TARGETIIS/scripts/test.pl%3F+.htr
----------------------------------------


This doesn't work on my IIS4 - it closes connection without any response.

----------------------------------------
Regards
Leonid Medvedev [mailto:user07 () ask-design com], MCP
Unofficial Russian IELTS Page [http://www2.ask-design.com/ielts]
Previous By Date Next
Previous By Thread Next

Current thread: