Great Circle Associates Firewalls
(August 1996)
 


Subject: Re: IIS Security hole
From: "Bowman Hall" <bowman @ carnival . com>
Date: Thu, 1 Aug 1996 19:17:08 -0400
To: <Firewalls @ GreatCircle . COM>
Cc: <jesse @ psa . pencom . com>

If you go to any directory below the server root, you have access to the
entire volume that IIS runs on via ../.. tricks.
e.g.
http://www.victim.com/images/../../../mssql/customer.database

The URL for the fix was published on the list.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bowman Hall MCSE   bowman @ carnival . com
Systems Analyst         (305) 599 2600 x1844
Carnival Cruise Lines  http://www.carnival.com

> 
> Date: Thu, 1 Aug 1996 11:59:27 -0500 (CDT)
> From: Jesse Whyte <jesse @ psa . pencom . com>
> Subject: Re: Microsoft Internet Server
> 
> If anyone has any more information on the Server hole - technicals and 
> maybe an exploit script - please reply back either privately or on the 
> list if you think it is appropriate.
> 
> Thanx,
> 
> Jesse
> 
> ****************************************************************
> Jesse Whyte
> Computer/Network Security Consultant
> Pencom Systems Administrator
> H: (410) 647-9645
> W: (410) 908-0991
> 
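
The containment check that stops the ../.. request shown in the message, as an added example that is not part of the original post and not IIS code. The document root `C:\InetPub\wwwroot` and the names `resolve_under_root` and `rejected` are assumptions made for illustration.

```python
import ntpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = r"C:\InetPub\wwwroot"  # assumed document root, not from the post


def resolve_under_root(url, root=DOC_ROOT):
    """Map a request URL to a file path; return None if it leaves root."""
    # Decode once so %2e%2e and %5c are seen as the characters they stand for.
    path = unquote(urlsplit(url).path)
    if "\x00" in path:
        return None
    # Windows accepts both separators, so fold "/" into "\" before checking.
    rel = path.replace("/", "\\").lstrip("\\")
    if ntpath.splitdrive(rel)[0]:  # a drive letter would replace the root
        return None
    base = ntpath.normcase(ntpath.normpath(root))
    # normpath collapses "dir\.." pairs lexically, exposing the real target.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, rel)))
    # Compare on a separator boundary so "wwwroot2" does not pass as "wwwroot".
    if full != base and not full.startswith(base + "\\"):
        return None
    return full  # lexical check only; links and junctions need a separate check


# Constructed sample requests; the second is the URL quoted in the message.
SAMPLE_URLS = [
    "http://www.victim.com/images/logo.gif",
    "http://www.victim.com/images/../../../mssql/customer.database",
    "http://www.victim.com/images/%2e%2e/%2e%2e/%2e%2e/mssql/customer.database",
    "http://www.victim.com/images/..%5c..%5c..%5cmssql/customer.database",
    "http://www.victim.com/images/../images/logo.gif",
    "http://www.victim.com/../wwwroot2/index.htm",
]


def rejected(urls, root=DOC_ROOT):
    """Return the requests that would resolve outside the document root."""
    return [u for u in urls if resolve_under_root(u, root) is None]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(("DENY " if resolve_under_root(u) is None else "ALLOW"), u)
```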

