Of course this doesn't actually test for the presence of Nimda, nor does it successfully prove vulnerability, since it is rumored to travel via email and obviously is being served by infected http servers. I've seen hosts that are pecking at my door that do not have IIS running, but it was pretty clear by the file shares and the number of .eml files that it wasn't feeling well.

.nhoJ

On Wed, 19 Sep 2001, Renaud Deraison wrote:

|On Wed, Sep 19, 2001 at 06:29:19PM +0200, Felix Huber wrote:
|> I just wrote a NASL for this Bug. It's untested but I hope it works.
|> The problem was I found no IIS where I could reproduce this error ( I tested
|> five IIS 4 and IIS 5 Boxes ).
|> I will improve it when I find a working Box ...
|
|I think it would be wiser to re-use iis_dir_traversal.nasl, which was
|heavily worked on and which does not only check for /scripts.
|
|Attached is a modified version of it (but I don't know if it works or
|not, I could not reproduce the flaw yet).
|
|
| -- Renaud