Vulnerability Development mailing list archives
Help needed for Repost.asp on iis4
From: NO ROOT <k---k () CARAMAIL COM>
Date: Fri, 22 Sep 2000 02:56:48 -0700
Hi, I saw with CIS that my webserver was Vulnerable to : http://mywebserver/scripts/repost.asp CIS said : Microsoft's Site Server 2.0 is installed. This allows users to upload files to the /users directory. Even if it doesn't exist any valid user can create the diectory via the web and the default NTFS permissions given to this directory give the Everybody Group the "Change" permission - which allows anybody to create, modify or delete files in that directory. Added to this IIS gives the "Write" permission allowing users to use the HTTP PUT REQUEST_METHOD to place content on the web site via the HTTP protocol. Because of the defaults, if anonymous access is granted to the site anybody can do this. Ensure that, if the directory exists the Anonymous Internet Account is given only read access to this directory. Remove change permissions for the Everybody Group and assign permissions per user. Can someone give me the script that exploit this vulnerability ? Cause i don't know very well HTML coding. Thanks ! ______________________________________________________ BoƮte aux lettres - Caramail - http://www.caramail.com
Current thread:
- Help needed for Repost.asp on iis4 NO ROOT (Sep 23)
- Re: Help needed for Repost.asp on iis4 spi (Sep 24)