Penetration Testing mailing list archives
update on IIS 5.0 relative path vulnerability
From: H D Moore <hdm () secureaustin com>
Date: Sat, 8 Sep 2001 02:28:59 -0500
I ran across a new exploit for the vulnerability found by Entercept, this one
is binary only, creates a backdoor account, and provides a remote command
shell feature using a local win32 executable and the dll on the server. The
readme file happens to list the other dll names that can be used in the
exploit:
--[ cut from readme.txt
1、 idq.dll
2、 httpext.dll
3、 httpodbc.dll
4、 ssinc.dll
5、 msw3prt.dll
6、 author.dll
7、 admin.dll
8、 shtml.dll
9、 sspifilt.dll
10、compfilt.dll
11、pwsdata.dll
12、md5filt.dll
13、fpexedll.dll
------------------------
The exploit was found on xfocus.org:
http://www.xfocus.org/download.php?id=241
I have a local copy with the extracted zip here:
http://www.digitaloffense.net/archives/iissystem/
I plan on dissecting the executable and dll later on (which are strangely the
exact same size yet differ in content), can anyone provide a Chinese to
English translation for the readme?
PS. Thanks to "isno" for writing it, just wished it came with source...
--
H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net - play
