Microsoft IIS 6.0 and 7.5 vulnerabilities and exploitation methods

Author's statement:
1. No organization or individual may use this vulnerability to conduct illegal activities. No consequences arising from this vulnerability are related to the person (T5 ).
2. You must retain this statement when the webmaster and individual repost, copy, and circulate the statement. The disseminator shall bear all disputes arising from the other person.
Microsoft IIS 6.0 PHP bypass authentication vulnerability
Microsoft IIS and PHP 6.0 (this is a test of Windows Server 2003 SP1 in PHP5)
Detailed description:
Attackers can send a special request to the IIS 6.0 service and bypass the access restriction.
Attackers can access password-protected files.
Example:->
Example request (path to the file):/admin: $ INDEX_ALLOCATION/index. php
(No translation at the moment, for fear of affecting accuracy)
If the: $ INDEX_ALLOCATION postfix is appended to directory name.
This can result in accessing administrative files and under special circumstances execute arbirary code remotely
Microsoft IIS 7.5 classic ASP verification Bypass
Affected Software:. NET Framework 4.0 (. NET Framework 2.0 is not affected, and other. NET frameworks have not been tested) (in Windows 7)
Description: www.2cto.com
By adding [": $ i30: $ INDEX_ALLOCATION"] to the directory serving (you can bypass it successfully)
Example:
There is a password protected directory configured that has administrative asp scripts inside An attacker requests the directory with: $ i30: $ INDEX_ALLOCATION appended to the directory name IIS/7.5 gracefully executes the ASP script without asking for proper credentials
IIS 7.5 NET source code leakage and Authentication Vulnerability
(. NET 2.0 and. NET 4.0 tests)
Example:->
Http: // <victimIIS75>/admin: $ i30: $ INDEX_ALLOCATION/admin. php
Will run the PHP script without asking for proper credentials. (no translation is available)
By appending /. php to an ASPX file (or any other file using. NET framework that is not blocked through the request filtering rules, like misconfigured :. CS ,. VB files) IIS/7.5 responds with the full source code of the file and executes it as PHP code. this means that by using an upload feature it might be possible (under special circumstances) to execute arbitrary PHP code.
Example: Default. aspx/. php