Microsoft IIS UNC Path Disclosure Vulnerability
BID:1065
Info
Microsoft IIS UNC Path Disclosure Vulnerability
| Bugtraq ID: | 1065 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 08 2000 12:00AM |
| Updated: | Mar 08 2000 12:00AM |
| Credit: | Posted to Bugtraq on March 8, 2000 by Jason Lutz <[email protected]>. |
| Vulnerable: |
Microsoft IIS 5.0 Microsoft IIS 4.0 |
| Not Vulnerable: | |
Discussion
Microsoft IIS UNC Path Disclosure Vulnerability
IDQ, IDA, and HTX files cannot be served from a network share. If a website is set up in this manner, and a user clicks on a link that links to one of these files, the share path will be disclosed to the user in the resulting error message.
IDQ, IDA, and HTX files cannot be served from a network share. If a website is set up in this manner, and a user clicks on a link that links to one of these files, the share path will be disclosed to the user in the resulting error message.
Exploit / POC
Microsoft IIS UNC Path Disclosure Vulnerability
http://target/filename.idq
http://target/filename.ida
http://target/filename.htx
The requested file must be located on a network share.
http://target/filename.idq
http://target/filename.ida
http://target/filename.htx
The requested file must be located on a network share.
Solution / Fix
Microsoft IIS UNC Path Disclosure Vulnerability
Solution:
This is a configuration error, and can be avoided by not attempting to serve these files from a network share.
Solution:
This is a configuration error, and can be avoided by not attempting to serve these files from a network share.
References
Microsoft IIS UNC Path Disclosure Vulnerability
References:
References: