BugTraq, I was recently auditing the security on one of my web servers when I came across a new Extension Enumerate Root Web Server Directory Vulnerability for IIS 4.0. Going to the main website and asking for anything.idq I get the page cannot be found. But if the files for the web server reside on a share the full network path is found. The Exploit: On the shared network drive, http://server/anything.idq The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ, IDA and HTX files cannot be placed on a network share. Tested on Windows NT 4.0 Service Pack 5 and 6a I would like to say thank you to rain.forest.puppy. for all of his help. props out to ADM, Wiretrip, w00w00 and l0pht. Jason Lutz Sprint Print Inc jasonat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:43 PDT