Reported August 21, 2000 by Georgi Guninski
- Internet Information Server 5.0
IIS 5.0 and FrontPage Server Extensions are vulnerable to an issue that allows a script to be passed to the Web server for execution. The problem could allow data inside a protected network to be transmitted offsite.
The following URL will pass a script directly to the remote Web server:http://iis5server/.shtml
The next URL passes a script into the FrontPage Server Extensions (this problem is fixed in Service Release 1.2):http://iis5server/_vti_bin/shtml.dll/>
Microsoft has fixed the problem with FrontPage Server Extensions. Users should load Service Release 1.2 in order to remove this vulnerability. Please see CERT- Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web. In addition, be sure to review the Cross Site Scripting Overview from Microsoft.
At the time of this writing, no information was available with regard to a fix for IIS 5.0.
Discovered by Georgi Guninski