Re: Fw: New vulnerability in IIS4.0/5.0

From: Renaud Deraison (deraisonat_private)
Date: Wed Sep 19 2001 - 09:48:11 PDT

Next message: Renaud Deraison: "Re: Fw: New vulnerability in IIS4.0/5.0"

Previous message: Matt Moore: "RE: New vulnerability in IIS4.0/5.0"
In reply to: Felix Huber: "Fw: New vulnerability in IIS4.0/5.0"
Next in thread: John Q. Public: "Re: Fw: New vulnerability in IIS4.0/5.0"
Next in thread: Renaud Deraison: "Re: Fw: New vulnerability in IIS4.0/5.0"
Reply: John Q. Public: "Re: Fw: New vulnerability in IIS4.0/5.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 19, 2001 at 06:29:19PM +0200, Felix Huber wrote:
> I just wrote a NASL for this Bug. Its untested but I hope it works.
> The problem was I found no IIS where I could reproduce this error ( I testet
> five IIS 4 and IIS 5 Boxes ).
> I will improve it when i found a working Box ...

I think it would be wiser to re-use iis_dir_traversal.nasl, which was
heavily worked on and which does not only check for /scripts.

Attached is a modified version of it (but I don't know if it works or
not, I could not reproduce the flaw yet).

				-- Renaud

text/plain attachment: iis_utf.nasl

Next message: Renaud Deraison: "Re: Fw: New vulnerability in IIS4.0/5.0"
Previous message: Matt Moore: "RE: New vulnerability in IIS4.0/5.0"
In reply to: Felix Huber: "Fw: New vulnerability in IIS4.0/5.0"
Next in thread: John Q. Public: "Re: Fw: New vulnerability in IIS4.0/5.0"
Next in thread: Renaud Deraison: "Re: Fw: New vulnerability in IIS4.0/5.0"
Reply: John Q. Public: "Re: Fw: New vulnerability in IIS4.0/5.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 09:47:42 PDT