Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re[2]: [NTSEC] ! [ADVISORY] Major Security Hole in MS ASP
From: daragh_malone () TELECOM IE (daragh_malone () TELECOM IE)
Date: Tue, 25 Feb 1997 17:12:00 GMT


        Just modified the registry entry to deal with ".ASP." files. However,
this doesn't protect against ".ASP.." or ".ASP...", etc. You'd have to add a
number of entries, up to the MAXLENGTH of the URL, if there is one, for each
server script.
        Best bet is a separate folder as mentioned below.


______________________________ Reply Separator _________________________________
Subject: Re: [NTSEC] ! [ADVISORY] Major Security Hole in MS ASP
Author:  Mitja Kolsek <mitja.kolsek () IJS SI> at csgnet
Date:    25/02/97 16:44


I suppose there's a simpler solution for those who want to protect their
asp, .idc & .htx files that are so well mixed among regular .htm files.
In your registry, under IIS ScriptMapping
(HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/W3SVC/Parameters/Scrip
tMapping)
(could be this is not _quite_ exact, but you'll find it)
Create a string value named ".ASP." (note the ending dot) and copy its data
from ".ASP" value already present in this registry key if you're running
IIS 3.0. This successfully renders the 'dot attack' ineffective. Apply this
procedure to all script extensions.

Nevertheless I suggest moving all script files to a separate folder, so use
this technique only as a temporary measure. There will soon be another
security hole in the wild so it's better to be prepared.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault