Security Basics mailing list archives
Re: IIS 6 exploited
From: Federico Maggi <federico.maggi () gmail com>
Date: Tue, 11 Aug 2009 19:52:00 +0200
On 11/ago/2009, at 19.29, Israel Junior <israel () nacaolivre net> wrote:
Review running IIS components (FTP, WebDAV
Especially WebDAV I'd suggest to check. It happens that in 6.0 one can bypass auth on protected directories:
* http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
and, if upload is enabled, the second part is a piece of cake.
Cheers,
-- Fede
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- IIS 6 exploited asai ajith (Aug 11)
- Re: IIS 6 exploited Aarón Mizrachi (Aug 11)
- Re: IIS 6 exploited Israel Junior (Aug 11)
- Re: IIS 6 exploited Federico Maggi (Aug 11)
- RE: IIS 6 exploited Murda Mcloud (Aug 13)
- Re: IIS 6 exploited Radmilo Racic (Aug 13)
- Re: IIS 6 exploited Israel Junior (Aug 11)
- Re: IIS 6 exploited Ali, Saqib (Aug 11)
- Re: IIS 6 exploited Venkatesh Selvaraju (Aug 11)
- Re: IIS 6 exploited Aarón Mizrachi (Aug 11)