Microsoft IIS6 Vulnerability: Server sensitive information easily stolen

Security experts recently warned administrators using Microsoft Internet Information Services IIS 6 that Web servers are vulnerable to attacks and expose password-protected files and folders. It is reported that this vulnerability exists in some process commands based on WebDAV protocol. By adding some Unicode characters to the Web address, hackers can access these sensitive files, which are generally protected by a system password. In addition, the vulnerability can be used to upload malicious files to the server. Nikolaos Rangos security researcher said, "the Web server cannot handle Unicode tokens correctly when parsing and sending back data." The US Computer Emergency Preparedness Team has also identified the problem, and the Organization recommends disabling the WebDAV protocol until the problem is fully resolved. However, the vulnerability exists only in the IIS6 version, and WebDAV is turned off by default. Microsoft's security team is also working on the report, a company spokesman said, "We are not sure if anyone is using this loophole to launch an attack or how it affects customers," according to the report The following four strings must be used to access a password-protected protected.zip file, which exists under a folder called Protected: Get/. %c0%af/protected/protected.zip http/1.1 translate:f connection:close host:servernameunicode character "%c0%af" is actually converted to "/", The input command also lets IIS6 quickly resolve to a valid file path. After the hacker sends the request, the Web server sends him a return packet without authenticating him. It is reported that this attack can be used to access, upload, and view password-protected WebDAV folders. Secunia commented on this vulnerability as "medium critical." The report also brings to mind the 2001-Year IIS vulnerability. At that time, an attacker could use this vulnerability to bypass IIS path checking to execute or open arbitrary files.