This is a mirror of the official site: http://jasper-net.blogspot.com/

Microsoft IIS 6 parsing directory “x.asp” Vulnerability

Sunday, January 30, 2011
############################################################
# Microsoft IIS 6 parsing directory Vulnerability
############################################################
#Discovered by:
Pouya daneshmand
whh_iran[AT]yahoo[DOT]com
http://securitylab.ir/blog

#Introduction:
This vulnerability can be used to bypass security filters that check only a file's own extension: a file with a “.jpg” or “.rar” extension can be executed as an ASP (Active Server Pages) file.

#Vulnerable:
It only works for ASP files, and only on Windows 2003 / IIS 6 (as I tested).
The test failed on IIS 5.1 and IIS 7.


#Description:
1) Create a folder whose name ends in '.asp' (for example 'x.asp').
2) Place your ASP code in a file with any extension (such as .jpg, .rar or .txt) inside the folder you created.
3) Request that file in your browser: it is executed as an ASP file.

#Note:
The extension of the file does not matter at all; the '.asp' suffix on the containing folder is what causes IIS 6 to hand the file to the ASP engine.


#Solution:
There is no patch for this issue at the time of writing. The best mitigation is to DISABLE "Active Server Pages" in the server's Web Service Extensions, or to set the Execute permissions of every upload directory to "None" so nothing stored under them can run as a script. Upload filters that inspect only the uploaded file's extension do not help on their own: the executable extension is carried by the folder name, so any filter must check the whole path (every directory component as well as the file name), and users should not be allowed to choose or create the folder their upload lands in.
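As an added example (not part of the original advisory, nor of the Sebug or securitylab posts), the Python below shows the two things a practitioner needs from the Description and Solution above: why an upload filter that inspects only the file's own extension is bypassed by a folder named x.asp, next to a hardened check that inspects every path segment, and a scan over IIS 6 W3C extended log lines for requests that fit the pattern (a directory segment ending in .asp followed by a non-.asp file name). The normalisation rules applied to path segments (case folding, stripping trailing dots and spaces as the Windows file system does), the sample paths and the log lines are constructed assumptions made here, not data from the advisory.

```python
"""Path checks for the IIS 6 'folder named x.asp' parsing behaviour.

Added example, not from the original advisory. Paths and log lines below
are constructed for illustration.
"""
import re
from typing import List, Optional

# The advisory only demonstrates .asp; extend this set if other extensions
# are mapped to the ASP ISAPI on your server (an assumption, not tested here).
SCRIPT_EXTENSIONS = {".asp"}


def split_segments(path: str) -> List[str]:
    """Split a URL path or Windows path into the segments the file system
    will actually see: both separators accepted, case folded, and trailing
    dots/spaces dropped ('x.asp.' and 'x.asp ' open the same folder as 'x.asp')."""
    segments = []
    for seg in re.split(r"[\\/]+", path):
        seg = seg.rstrip(". ").lower()
        if seg:
            segments.append(seg)
    return segments


def extension_of(segment: str) -> str:
    """Final extension of one segment, '' if none. A bare '.asp' is
    conservatively treated as carrying the extension."""
    dot = segment.rfind(".")
    return segment[dot:] if dot >= 0 else ""


def naive_filter_allows(filename: str) -> bool:
    """The kind of check the advisory bypasses: only the uploaded file's
    own extension is inspected, so 'photo.jpg' under 'x.asp/' passes."""
    return extension_of(filename.lower()) not in SCRIPT_EXTENSIONS


def hardened_filter_allows(relative_path: str) -> bool:
    """Reject if ANY segment (directory or file) carries a script extension.
    Apply this to the full relative path the file will be stored under."""
    segments = split_segments(relative_path)
    if not segments:
        return False
    return all(extension_of(seg) not in SCRIPT_EXTENSIONS for seg in segments)


# Constructed IIS 6 W3C extended log excerpt (default field order).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2011-01-30 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2011-01-30 10:00:01 10.0.0.5 GET /default.asp - 80 - 10.0.0.99 Mozilla/5.0 200 0 0
2011-01-30 10:00:02 10.0.0.5 GET /uploads/photo.jpg - 80 - 10.0.0.99 Mozilla/5.0 200 0 0
2011-01-30 10:00:03 10.0.0.5 GET /uploads/x.asp/photo.jpg cmd=dir 80 - 10.0.0.99 Mozilla/5.0 200 0 0
2011-01-30 10:00:04 10.0.0.5 GET /uploads/x.asp/notes.txt - 80 - 10.0.0.99 Mozilla/5.0 404 0 2
2011-01-30 10:00:05 10.0.0.5 GET /uploads/a.asp/b.asp - 80 - 10.0.0.99 Mozilla/5.0 200 0 0
"""


def find_directory_asp_requests(log_text: str) -> List[dict]:
    """Return requests whose URI has a directory segment ending in a script
    extension but a leaf file that does not. Column positions are taken from
    the '#Fields:' directive, so a non-default field order still parses.
    All statuses are reported: a 404 still shows someone probing for the folder."""
    fields: Optional[List[str]] = None
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        row = dict(zip(fields, values))
        segments = split_segments(row["cs-uri-stem"])
        if len(segments) < 2:
            continue
        *dirs, leaf = segments
        if (any(extension_of(d) in SCRIPT_EXTENSIONS for d in dirs)
                and extension_of(leaf) not in SCRIPT_EXTENSIONS):
            hits.append({"client": row["c-ip"], "uri": row["cs-uri-stem"],
                         "status": row["sc-status"]})
    return hits


if __name__ == "__main__":
    print("naive filter accepts x.asp/photo.jpg:", naive_filter_allows("photo.jpg"))
    print("hardened filter accepts it:", hardened_filter_allows("uploads/x.asp/photo.jpg"))
    for hit in find_directory_asp_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

The hardened check deliberately splits on both `/` and `\` and strips trailing dots and spaces before comparing, because a filter that compares the raw string would still pass `uploads\X.ASP.\photo.jpg` while the file system resolves it to an `x.asp` folder. The log scan ignores `/uploads/a.asp/b.asp`, which is an ordinary ASP request, and keeps the 404 hit so that failed probes for the folder are visible too.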

Read more: Sebug.net
