Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes us

from [inge . henriksen] Network Security [Permanent Link]
Subject: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
Date: 4 Sep 2005 00:22:27 -0000 
** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at 
http://ingehenriksen.blogspot.com/ **

It is possible to remotely view the source code of web script files though a 
specially 
crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web 
script file 
must be on a FAT or a FAT32 volume, web scripts located on a NTFS are not 
vulnerable. 

Confirmed vulnerable:
-Microsoft® Internet Information Server® V5.1: 
  a. Microsoft® Windows® XP Pro. with SP2(English) 
  b. Microsoft® Windows® XP Pro. with SP2(Norwegian) 
  c. Microsoft® Windows® XP Pro. with SP1(Swedish) 

Confimed not vulnerable:
-Microsoft® Internet Information Server® V5.0: 
  a. Microsoft® Windows® 2000 Server with SP4(English) 
-Microsoft® Internet Information Server® V6.0: 
  a. Microsoft® Windows® 2003 Standard(English) 

Vendor status:
Notified

Solution:
Don't use FAT or FAT32 volumes with IIS 5.1.

Techical description:
WebDAV allows for retrieving streams using the "Translate: f" HTTP header, the 
processing
of this header has logic built into it so that web script files are not 
processed, this
logic can be avoided by using Unicode characters instead in one of the letters 
of the file.
The file must be on a FAT or FAT32 volume to be viewed, a NTFS volume will 
return a
"Forbidden" HTTP response instead.

Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  I have discovered small xss error in open webmail 2.41, s3cure
Next by Date:  [KDE Security Advisory] kcheckpass local root vulnerability, Dirk Mueller
Previous by Thread:  I have discovered small xss error in open webmail 2.41, s3cure
Next by Thread:  Re: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV, inge . henriksen
Indexes:  [Date] [Thread] [Top] [All Lists]