Penetration Testing mailing list archives

RE: IIS 3.0 pen-test

From: jerickson () telenisus com
Date: Thu, 5 Jul 2001 14:18:24 -0500

Well besides the rest of the vulnerabilites with MS IIS 3.0, I tested the
servers for Unicode and it seemed they were vulnerable. ( I check using a
perl script that I found on Packetstorm) it discovered that the servers

were

vulnerable to various forms of the unicode vulnerability.


The perl script you have checks for the word directory in the response from
the server
So when your getting back the error:

saying "HTTP/1.0 403 Access Forbidden (Execute Access Denied -This Virtual
Directory does not allow objects to be executed.)"


your perl script thinks its vulnerable.  

This is a piece of code taken from a perl script that check for unicode.

(taken from unicodeloader.pl)
my @results=sendraw("GET $uni+dir HTTP/1.0\r\n\r\n");
 foreach $line (@results){
  if ($line =~ /Directory/) { # THIS LINE IS GENERATING YOUR FALSE POSITIVE.



Jon Erickson


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Current thread:

IIS 3.0 pen-test Alex Balayan (Jul 05)
- <Possible follow-ups>
- RE: IIS 3.0 pen-test jerickson (Jul 05)
- Re: IIS 3.0 pen-test Parth Galen (Jul 05)