Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV

IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV

From: Jerome Athias <jerome.athias_at_free.fr>
Date: Wed, 07 Sep 2005 13:37:14 +0200

It is possible to remotely view the source code of web script files
though a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be
vulnerable. The web script file must be on a FAT or a FAT32 volume, web
scripts located on a NTFS are not vulnerable.

The information has been provided by Inge Henriksen
<mailto:inge.henriksen%20at%20booleansoft.com>.
The original article can be found at:
http://ingehenriksen.blogspot.com/2005/09/iis-51-allows-for-remote-viewing-of.html

Advisory in french:
http://www.athias.fr/alertes-bulletins-securite/20050907_Microsoft.IIS.5.1_Divulgation.de.Sources.html

Regards
/JA

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Received on Sep 07 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]