Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: IIS volunrability scan results

From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Thu, 23 Dec 2004 10:15:30 -0000
Is the server patch level up to date?

If not, it should be :)

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com] 
Sent: 22 December 2004 14:37
To: security-basics () securityfocus com
Subject: IIS volunrability scan results

HI,

I ran whcc against one of my company's web site (IIS).

this is what I reciecved:

Exploit: /./
Description: Appending '/./' to a directory may reveal
php source code.

Exploit: /?sql_debug=1
Description: The PHP-Nuke install may allow attackers
to enable debug mode and disclose sensitive
information by adding sql_debug=1 to the query string.

Exploit: /?"><script>alert("Vu

is this critical? can some one please expain or give
some links so Ican understand those results?

thanks very much !




        
                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail
Previous By Date Next
Previous By Thread Next

Current thread: