Penetration Testing mailing list archives

Re: Webhits.dll arbitrary file retrieval Vulnerability

From: Jian Hui Wang <jhwang () gosecure ca>
Date: 3 Mar 2005 19:09:22 -0000

In-Reply-To: <55d0d8e305030223257757f25c () mail gmail com>

1) for Webhits.dll

It is possible that they patched the system but still have htw ISAPI mapping.

If you cannot exploit them, classify it as a false postive but do suggest your client unmapping the mapping.

2) For log

Put the link at browser and download it ( save it to your disk). Find a software to crack it.


Correct me if I am wrong.




Jian Hui Wang, M.Sc, CSE, CCSE, CCNA 

Security Analyst

Gosecure Inc. 


Venez consulter notre portail SecInfo pour les dernières nouvelles en sécurité:

http://www.gosecure.ca/SecInfo/index.html

Current thread:

Webhits.dll arbitrary file retrieval Vulnerability Maverick The Techie (Mar 03)
- Re: Webhits.dll arbitrary file retrieval Vulnerability H D Moore (Mar 03)
- <Possible follow-ups>
- Re: Webhits.dll arbitrary file retrieval Vulnerability Jian Hui Wang (Mar 03)