Full Disclosure mailing list archives
IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV
From: Jerome Athias <jerome.athias () free fr>
Date: Wed, 07 Sep 2005 13:37:14 +0200
It is possible to remotely view the source code of web script files though a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web script file must be on a FAT or a FAT32 volume, web scripts located on a NTFS are not vulnerable. The information has been provided by Inge Henriksen <mailto:inge.henriksen%20at%20booleansoft.com>. The original article can be found at: http://ingehenriksen.blogspot.com/2005/09/iis-51-allows-for-remote-viewing-of.html Advisory in french: http://www.athias.fr/alertes-bulletins-securite/20050907_Microsoft.IIS.5.1_Divulgation.de.Sources.html Regards /JA
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV Jerome Athias (Sep 07)
- Re: IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV security curmudgeon (Sep 10)