IIS 5.0 Vulnerable to Cross Site Scripting

 

Reported August 21, 2000 by Georgi Guninski

VERSIONS AFFECTED
  • Internet Information Server 5.0
  • FrontPage Server Extensions
DESCRIPTION

    IIS 5.0 and FrontPage Server Extensions are vulnerable to an issue that allows a script to be passed to the Web server for execution. The problem could allow data inside a protected network to be transmitted offsite.

    DEMONSTRATION

    The following URL will pass a script directly to the remote Web server:

    http://iis5server/.shtml

    The next URL passes a script into the FrontPage Server Extensions (this problem is fixed in Service Release 1.2):

    http://iis5server/_vti_bin/shtml.dll/>
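
A defender-side check for the two request shapes shown above, as an added example that is not part of the original advisory: it scans IIS W3C extended log lines for requests to `.shtml` paths or `/_vti_bin/shtml.dll/` whose path contains markup characters. The log lines are constructed samples, and the function names and the choice to flag `<` and `>` are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not taken from the advisory).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-08-22 10:01:02 192.0.2.10 GET /index.shtml - 200
2000-08-22 10:01:09 192.0.2.44 GET /%3Cb%3Ex%3C/b%3E.shtml - 404
2000-08-22 10:02:31 192.0.2.44 GET /_vti_bin/shtml.dll/%253Ci%253Ex - 200
2000-08-22 10:03:00 192.0.2.10 GET /_vti_bin/shtml.dll/news.htm - 200
2000-08-22 10:03:12 192.0.2.77 GET /docs/a%3Eb.html - 404
"""

# The two URL shapes named in the advisory: a path ending in .shtml,
# or anything passed after /_vti_bin/shtml.dll/.
TARGET = re.compile(r"\.shtml$|/_vti_bin/shtml\.dll/", re.IGNORECASE)
# Assumption of this example: angle brackets in the path indicate markup.
MARKUP = re.compile(r"[<>]")


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C and %3C both become '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspect_requests(log_text):
    """Return (client_ip, decoded_path) for requests matching both patterns."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = fully_decode(row.get("cs-uri-stem", ""))
        if TARGET.search(path) and MARKUP.search(path):
            hits.append((row.get("c-ip", "-"), path))
    return hits


if __name__ == "__main__":
    for ip, path in find_suspect_requests(SAMPLE_LOG):
        print(ip, path)
```

Ordinary requests for `.shtml` pages and for `shtml.dll` are not flagged; only those two targets combined with markup characters in the decoded path are reported.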

    VENDOR RESPONSE

    Microsoft has fixed the problem with FrontPage Server Extensions. Users should load Service Release 1.2 in order to remove this vulnerability. Please see CERT Advisory CA-2000-02, Malicious HTML Tags Embedded in Client Web. In addition, be sure to review the Cross Site Scripting Overview from Microsoft.

    At the time of this writing, no information was available with regard to a fix for IIS 5.0.

    CREDIT
    Discovered by Georgi Guninski
