Bugtraq mailing list archives

Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0

From: ollie () DELPHISPLC COM (Ollie Whitehouse)
Date: Mon, 13 Mar 2000 14:30:57 -0000


All,

A way to stop these types of attacks when enumeration of a file path on an
IIS box occurs is to replace the errors with non-default errors pages.

Rgds

Ollie
<%
Ollie Whitehouse
Delphis Consulting
VOX: +44 (0)207 916 0200 (Switchboard)
FAX: +44 (0)207 916 1590 (Main)
FAX: +44 (0)870 0881837 (FAX - E-Mail)
PGP: http://www.ombs.demon.co.uk/pgp.txt
Tag: Who needs Windows2000 when you have OS/2?
%>

-----Original Message-----
From: Jason Lutz [mailto:jason () SPIS NET]
Sent: 09 March 2000 15:32
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Enumerate Root Web Server Directory Vulnerability for IIS 4.0

BugTraq,

   I was recently auditing the security on one of my web servers when I came
across a new Extension Enumerate Root Web Server Directory Vulnerability for
IIS 4.0. Going to the main website and asking for anything.idq I get the
page cannot be found. But if the files for the web server reside on a share
the full network path is found.

The Exploit:

On the shared network drive, http://server/anything.idq

The file \\share\wwwroot\inetpub\webpage\*.idq is on a network share. IDQ,
IDA and HTX files cannot be placed on a network share.

Tested on Windows NT 4.0 Service Pack 5 and 6a

I would like to say thank you to rain.forest.puppy. for all of his help.

props out to ADM, Wiretrip, w00w00 and l0pht.

Jason Lutz
Sprint Print Inc
jason () spis net

Current thread:

Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Ollie Whitehouse (Mar 13)
- <Possible follow-ups>
- FW: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Ollie Whitehouse (Mar 15)