Reported August 21, 2000 by Georgi
Guninski
- Internet Information Server 5.0
IIS 5.0 and FrontPage Server Extensions are vulnerable to an issue that allows a script to be passed to the Web server for execution. The problem could allow data inside a protected network to be transmitted offsite.
DEMONSTRATION
The following URL will pass a script directly to the remote Web server:
http://iis5server/.shtmlThe next URL passes a script into the FrontPage Server Extensions (this problem is fixed in Service Release 1.2):
http://iis5server/_vti_bin/shtml.dll/>VENDOR RESPONSE
Microsoft has fixed the problem with FrontPage Server Extensions. Users should load Service Release 1.2 in order to remove this vulnerability. Please see CERT- Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web. In addition, be sure to review the Cross Site Scripting Overview from Microsoft.
At the time of this writing, no information was available with regard to a fix for IIS 5.0.
CREDIT
Discovered by Georgi Guninski
3 comments
Hide comments