Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Fwd: Information on MS99-022
From: aleph1 () UNDERGROUND ORG (Aleph One)
Date: Mon, 5 Jul 1999 13:20:45 -0700

I am killing this thread. This is degenerating into the old Full Disclosure
debate. To answer Darren, yes there is a public vulnerability database.
Check out the one at Security Focus (http://www.securityfocus.com/).

Finally, we have received via an anonymous source the details of
the vulnerability. From the SF vulnerability database:

This vulnerability could allow a web site viewer to obtain the source
code for .asp and similar files if  the server's default language
(Input Locale) is set to Chinese, Japanese or Korean. How this
works is as follows:

IIS checks the extension of the requested file to see if it needs to do
any processing before delivering the information. If the requested extension
is not on it's list, it then makes any language-based calculations, and
delivers the file. If a single byte is appended to the end of the
URL when IIS to set to use one of the double-byte language packs
(Chinese, Japanese, or Korean) the language module will strip it as invalid,
then look for the file. Since the new URL now points to a valid filename, and
IIS has already determined that this transaction requires no processing,
the file is simply delivered as is, exposing the source code.

Aleph One / aleph1 () underground org
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]