Microsoft IIS 5.1 Directory Authentication Bypass
发布时间:2010-07-02
信息提交:ICT (ictbh2_at_hotmail.com)
影响版本:Microsoft IIS 5.1
漏洞描述:
Introduction:
Although IIS5 is very old, finding one is not impossible! Therefore, I want to introduce a technique to bypass the IIS authentication methods on a directory.
Although IIS5 is very old, finding one is not impossible! Therefore, I want to introduce a technique to bypass the IIS authentication methods on a directory.
This vulnerability is because of using Alternate Data Stream to open a protected folder. All of IIS authentication methods can be circumvented. In this technique, we can add a “:$i30:$INDEX_ALLOCATION” to a directory name to bypass the authentication.
It is possible to run “secretfile.asp” by using:
“/AuthNeeded:$i30:$INDEX_ALLOCATION/secretfile.asp”
Instead of:
“/AuthNeeded/secretfile.asp”
<*参考
ICTBH@Hotmail.com
*>
测试方法:
本站提 供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
本站提 供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
It is possible to run “secretfile.asp” by using: “/AuthNeeded:$i30:$INDEX_ALLOCATION/secretfile.asp” Instead of: “/AuthNeeded/secretfile.asp”
安全建议:
update to IIS 6.0 and Or higher
Microsoft
---------
http://www.microsoft.com/
声明: 本文采用 BY-NC-SA 协议进行授权. 转载请注明转自: Microsoft IIS 5.1 Directory Authentication Bypass
0评论
0Trackbacks
发表评论
Trackback
