Enumerate Root Web Server Directory Vulnerability for IIS 4.0

From: Jason Lutz (jasonat_private)
Date: Thu Mar 09 2000 - 07:32:07 PST

    BugTraq,
    
       I was recently auditing the security on one of my web servers when I came
    across a new Extension Enumerate Root Web Server Directory Vulnerability for
    IIS 4.0. Going to the main website and asking for anything.idq, I get "the
    page cannot be found." But if the files for the web server reside on a share,
    the full network path is found.
    
    The Exploit:
    
    On the shared network drive, http://server/anything.idq
    
    The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
    IDA and HTX files cannot be placed on a network share.
    
    Tested on Windows NT 4.0 Service Pack 5 and 6a
    
    I would like to say thank you to rain.forest.puppy. for all of his help.
    
    Props out to ADM, Wiretrip, w00w00 and l0pht.
    
    Jason Lutz
    Sprint Print Inc
    jasonat_private
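
Added example, not part of the original post: a Python check a server owner can run over responses captured from their own IIS host to see whether requests for the Index Server extensions named above disclose a UNC path. The sample bodies are constructed from the message text quoted in the post; `find_unc_paths`, `audit` and the host `server2` are names assumed for this example.

```python
import re
from urllib.parse import urlsplit

# Extensions the post names as affected by the network-share error message.
INDEX_EXTS = (".idq", ".ida", ".htx")

# \\server\share plus optional path components. Stops at whitespace, quotes
# and angle brackets so surrounding HTML markup is not swallowed.
UNC_RE = re.compile(r'\\\\[^\\/\s"<>]+\\[^\\/\s"<>]+(?:\\[^\\/\s"<>]+)*')


def find_unc_paths(body):
    """Return the distinct UNC paths found in a response body, in order."""
    seen = []
    for match in UNC_RE.finditer(body):
        path = match.group(0).rstrip(".,;:")  # drop sentence punctuation
        if path not in seen:
            seen.append(path)
    return seen


def audit(responses):
    """Map URL -> leaked UNC paths for index-extension requests only.

    `responses` is an iterable of (url, body) pairs already captured from
    a server the auditor is responsible for.
    """
    findings = {}
    for url, body in responses:
        if not urlsplit(url).path.lower().endswith(INDEX_EXTS):
            continue
        leaked = find_unc_paths(body)
        if leaked:
            findings[url] = leaked
    return findings


# Constructed samples: the first body reuses the error text quoted in the
# post with a made-up file name; "server2" is an assumed second host whose
# content is on a local disk and therefore returns a plain not-found page.
SAMPLES = [
    ("http://server/anything.idq",
     "The file \\\\share\\wwwroot\\inetpub\\webpage\\anything.idq is on a "
     "network share. IDQ, IDA and HTX files cannot be placed on a network share."),
    ("http://server2/anything.idq", "The page cannot be found"),
    ("http://server/default.htm", "<html>ok</html>"),
]

if __name__ == "__main__":
    for url, paths in audit(SAMPLES).items():
        print(url, "discloses", ", ".join(paths))
```
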
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:43 PDT