Penetration Testing mailing list archives

Re: finding webroot on IIS

From: Frederic Guerin <frederic.guerin () abovetech com>
Date: Thu, 14 Jun 2001 19:50:09 -0400

Try to exploit the *.idq bug. Do a request like 
http://www.acme.com/anything.idq

If the server is vulnerable, you should see the webroot...

Have a nice day,

On 14 June 2001 00:30, * (todd + 1) wrote:

hello all,

Recently i came across an IIS webserver that i found to be vulnerable to
the Unicode attacks. However, i cannot determine the webroot of this drive,
and therefore i am having troubles reaching a full comprimise.  The
directory "C:\Inetpub" exists, but the only contents of this directory is
the folder "mailroot".

Additionally, when i connect and request the root document (ie GET / ), it
returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what would be the
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother

Current thread:

finding webroot on IIS todd + 1 (Jun 14)
- RE: finding webroot on IIS George Milliken (Jun 14)
- Re: finding webroot on IIS David Page (Jun 14)
  - Re: finding webroot on IIS David Jacoby (Jun 15)
- Re: finding webroot on IIS H D Moore (Jun 14)
  - Re: finding webroot on IIS todd + 1 (Jun 14)
- Re: finding webroot on IIS Frederic Guerin (Jun 15)
- Re: finding webroot on IIS Gary Warner (Jun 18)
  - 3 pigs building web servers? hacker wolf? Robert Shea (Jun 18)
    - Re: 3 pigs building web servers? hacker wolf? ghandi (Jun 19)
    - Re: 3 pigs building web servers? hacker wolf? Riley Hassell (Jun 19)
- <Possible follow-ups>
- RE: finding webroot on IIS Yonatan Bokovza (Jun 14)