Security Basics mailing list archives

Some Few Doubts on IIS Vuln

From: kaps lock <secnerdkaps () yahoo com>
Date: Mon, 31 Jan 2005 09:29:26 -0800 (PST)


hi all,
I did a VA scan using nESSUS and was need help in the
analysis part of it and inturn learn more :

1).IDA ISAPI filter mapped
   What does mapped means?Could anyone tell me what
exactly this filter is used for and what is a .ida
extension ,i mean i know code red and all but still
wud like to know what is the function of this filter
and wht a .ida extension is ?an example string ....if
anyone knows to test this vuln on server tht i cud use
as a manual penetration tsting tip?

2)if i find a server on which u can successfull upload
and delete a file say test.html with PUT and
DELETE.How could i manually actually do this on the
server ,basically how to craft that attack or how to
go about it.

3)The mail server on a specially crafted GET request
reveals the authentication mechanism??
What reuqest by Nessus made this conclusion?any tips

4)too many arguements on the ACCEPT command can crash
the server..now this is surely a false positive but i
cud i make it for sure?

thanks all...              


                
__________________________________ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo

Current thread:

Exchange <--> Outlook Monitoring Doll, Josh (Jan 28)
- RE: Exchange <--> Outlook Monitoring Shawn Wall (Jan 31)
- <Possible follow-ups>
- RE: Exchange <--> Outlook Monitoring Eric McCarty (Jan 28)
  - Re: Exchange <--> Outlook Monitoring Presley, Steven (Jan 31)
  - RE: Exchange <--> Outlook Monitoring Sarbjit Singh Gill (Jan 31)
  - Re: Exchange <--> Outlook Monitoring Steve (Jan 31)
  - Some Few Doubts on IIS Vuln kaps lock (Jan 31)
- RE: Exchange <--> Outlook Monitoring Eric McCarty (Jan 31)
  - Re: Exchange <--> Outlook Monitoring Joe Hood (Jan 31)