Home page logo
/

bugtraq logo Bugtraq mailing list archives

Enumerate Root Web Server Directory Vulnerability for IIS 4.0
From: jason () SPIS NET (Jason Lutz)
Date: Thu, 9 Mar 2000 09:32:07 -0600


BugTraq,

   I was recently auditing the security on one of my web servers when I came
across a new Extension Enumerate Root Web Server Directory Vulnerability for
IIS 4.0. Going to the main website and asking for anything.idq I get the
page cannot be found. But if the files for the web server reside on a share
the full network path is found.

The Exploit:

On the shared network drive, http://server/anything.idq

The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
IDA and HTX files cannot be placed on a network share.

Tested on Windows NT 4.0 Service Pack 5 and 6a

I would like to say thank you to rain.forest.puppy. for all of his help.

props out to ADM, Wiretrip, w00w00 and l0pht.

Jason Lutz
Sprint Print Inc
jason () spis net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]