Security Basics mailing list archives
RE: IIS volunrability scan results
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Thu, 23 Dec 2004 10:15:30 -0000
Is the server patch level up to date? If not, it should be :) -----Original Message----- From: Juan B [mailto:juanbabi () yahoo com] Sent: 22 December 2004 14:37 To: security-basics () securityfocus com Subject: IIS volunrability scan results HI, I ran whcc against one of my company's web site (IIS). this is what I reciecved: Exploit: /./ Description: Appending '/./' to a directory may reveal php source code. Exploit: /?sql_debug=1 Description: The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string. Exploit: /?"><script>alert("Vu is this critical? can some one please expain or give some links so Ican understand those results? thanks very much ! __________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
Current thread:
- IIS volunrability scan results Juan B (Dec 22)
- <Possible follow-ups>
- RE: IIS volunrability scan results Andrew Shore (Dec 23)