Vulnerability Development mailing list archives

IIS + M$ Proxy II


From: sekure <sekure () hadrion com br>
Date: Wed, 7 Mar 2001 16:29:29 -0300

Hi all,

I'm doing "security tests" on a Windows NT 4.0 + SP6 + IIS 4.0 + M$ Proxy II
+ SP1!!! :)
We know that M$ Proxy Server needs IIS to run...
I saw that it is not blocking requests from the internet to IIS!! :)
Then I tried... various IIS bugs .... I used some security scanners like
(Cerberus, Retina, messala, DCS, twwwscan ...)!!
And I could only detect this file: xxx.xxx.xxx.xxx/scripts/tools/newdsn.exe. I
remember that it was used in msadc.pl, correct ?? But it isn't vulnerable
to MSADC !!! But this file exists.... ! ;)
And I tried running msadc.pl on the server ... and it didn't run very well... it
showed me
"Duh! server is not running IIS" (And msadc is wrong, because it is running
IIS4).
Then I found... on www.securityfocus.com and bugtraq, about
"scripts/tools/newdsn.exe": how to exploit it, and whether it can run arbitrary
commands...
I saw an example there in this context:
xxx.xxx.xxx.xxx/scripts/tools/newdsn.exe?c=Microsoft\%2B"."Access\%2BDRIVER\
%2B\%28*.mdb\%29\&dsn=wicca\&dbq="
But it does not work... I tested it ... and it stays in wait mode for several minutes....
and when it comes back it shows me: CGI Error
The specified CGI application misbehaved by not returning a complete set of
HTTP headers. The headers it did return are:

Is the "syntax" correct ?? How can I use it with cmd.exe to run arbitrary
commands ??
And is this .mdb name the default ?? Is that .mdb file always the same? In
case it is not, how to discover it? And is the user/password default ??
I'm looking for it on the web... but if you can help me!! :)
And about M$ Proxy 2 + SP1 ... I looked on the web ... and I can perceive that
it is very secure, correct ?? Does somebody know of any buffer overflow in M$
Proxy with high risk ??

Thkz for the feature. :)
Best Regards,
[ ]'s

