Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
From: mnemonix () GLOBALNET CO UK (Mnemonix)
Date: Tue, 1 Feb 2000 06:51:13 -0000


From: "John D. Hardin" <jhardin () wolfenet com>

On Fri, 28 Jan 2000, Mnemonix wrote:

I apply the patch from Microsoft and it doesnt change the problem. I
test
this after and the problem are the same

*** WARNING ****
Even if you have no .htw files on your system you're probably
still vulnerable! A quick test to show if you are vulnerable:
go to http://YOUR_WEB_SERVER_ADDRESS_HERE/nosuchfile.htw
If you receive a message stating the "format of the QUERY_STRING
is invalid" you _are_ vulnerable.

This test is to see if you're vulnerable _before_ you apply the
patch. After you install the patch you _will_ still get the same
message.

...so what indicates that you *are not* vulnerable?

We'll - fairly long winded approach - therefore not a quick test:
create a file call test.txt and put it on the root of the drive where your
virtual root is found.
If one doesn't already exist create a static file - eg default.html and
place it in the root virtual directory.
Try to access test.txt by using one of the exploits now floating around.

If you manage it - then you're vulnerable s apply the patch. If you don't
then you're not and the patch is already installed or .htw is not linked to
webhits.dll

Cheers,
David Litchfield
http://www.cerberus-infosec.co.uk/


  By Date           By Thread  

Current thread:
  • Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Mnemonix (Feb 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault