Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbZuo LeiEDB-ID:20089
HistoryJul 17, 2000 - 12:00 a.m.

Microsoft IIS 4.0/5.0 - Source Fragment Disclosure

2000-07-1700:00:00
Zuo Lei
www.exploit-db.com
20

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/1488/info

Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file. Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request. There has been a report that source will be displayed up to the first '<%' encountered - '<%' and '%>' are server-side script delimiters. Pages which use the <script runat=server></script> delimiters instead will display the entire source, or up to any '<%' in the page. This vulnerability is a variant of a previously discovered vulnerability, BugTraq ID 1193.

http://victim/global.asa+.htr

Related

cvelist 1
cve 1
cert 1
nvd 1
nessus 1
openvas 1
cvelist
cvelist
CVE-2000-0630
2000-10-13 04:00:00
cve
cve
CVE-2000-0630
2000-10-13 04:00:00
cert
cert
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
2001-06-15 00:00:00
nvd
nvd
CVE-2000-0630
2000-07-17 04:00:00
nessus
nessus
Microsoft IIS Source Fragment Disclosure
2001-05-29 00:00:00
openvas
openvas
Microsoft Internet Information Services (IIS) Source Fragment Disclosure
2005-11-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:20089
cvelist1cve1cert1nvd1nessus1openvas1