Microsoft IIS / Site Server code.asp Arbitrary File Access

1999-05-07T00:00:00
ID OSVDB:15749
Type osvdb
Reporter Parcens
Modified 1999-05-07T00:00:00

Description

Vulnerability Description

Microsoft IIS and Site Server contain a flaw that allows a remote attacker to read arbitrary files outside the web root. The issue is due to the 'code.asp' sample script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'source' variable, which the script uses as the name of the file whose contents it displays.

Solution Description

Microsoft has released a patch to address this vulnerability (see the Microsoft Security Bulletin referenced below). The flaw can also be mitigated by the following workaround: remove the /IISSamples virtual directory when it is not needed. As a general rule, do not install sample scripts or sample applications on a production server; they are written to demonstrate features, not to withstand hostile input.

Short Description

Microsoft IIS and Site Server contain a flaw that allows a remote attacker to read arbitrary files outside the web root. The issue is due to the 'code.asp' sample script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'source' variable.

Manual Testing Notes

http://[victim]/pathto/code.asp?source=../../../../../../boot.ini

boot.ini lives at the root of the system drive, so the request only succeeds if enough ../ segments are supplied to climb from the directory the script resolves against up to that root. Surplus segments beyond the root are collapsed by Windows path handling and do no harm, which is why over-supplying them is the usual approach. A 200 response whose body is the boot loader configuration confirms the flaw.
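The traversal described in the Vulnerability Description and the test request above, together with the log-side check for it, as an added example that is not part of the original advisory and is not Microsoft's code: a Python re-implementation of the flawed "join the user-supplied name onto the script's directory" pattern next to a hardened version that canonicalises the path and then requires the samples directory as a prefix, followed by a scanner that picks traversal attempts against code.asp out of W3C-style IIS log lines. The directory names, the '/samples/code.asp' location, the log lines and the 'howitworks/code.asp' file name are assumptions made up for the example; the page does not state the script's real location.

```python
import posixpath
import re
import urllib.parse
from typing import List, Optional

# Constructed, hypothetical layout: the web root and the sample-script
# directory the workaround above tells you to remove. Real IIS paths are
# Windows paths; POSIX-style names are used so the example runs anywhere.
WEB_ROOT = "/inetpub/wwwroot"
SAMPLES_DIR = WEB_ROOT + "/IISSamples"


def vulnerable_resolve(source: str) -> str:
    """Mimic the flawed behaviour: the 'source' value is glued onto the
    script's own directory without normalisation, so '../' segments walk
    out of it (and out of the web root) when the OS resolves the path."""
    return SAMPLES_DIR + "/" + source


def safe_resolve(source: str) -> Optional[str]:
    """Hardened version: canonicalise first, then require the result to
    still sit inside SAMPLES_DIR. Returns None when the request must be
    rejected."""
    # NUL bytes and backslashes are rejected outright: both have been used
    # to slip past naive checks on Windows, where backslash is a separator.
    if "\x00" in source or "\\" in source:
        return None
    candidate = posixpath.normpath(posixpath.join(SAMPLES_DIR, source))
    # join() drops SAMPLES_DIR when 'source' is absolute and normpath()
    # collapses '../' runs, so the prefix test below is what really decides.
    if candidate != SAMPLES_DIR and not candidate.startswith(SAMPLES_DIR + "/"):
        return None
    return candidate


# A '..' path segment, at the start of the value or after a separator.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def is_traversal_request(uri_stem: str, uri_query: str) -> bool:
    """True when a request for code.asp carries a traversing 'source' value."""
    if not uri_stem.lower().endswith("/code.asp"):
        return False
    # parse_qs() URL-decodes once; decoding the value a second time catches
    # double-encoded payloads such as %252e%252e%252f.
    params = urllib.parse.parse_qs(uri_query, keep_blank_values=True)
    for value in params.get("source", []):
        decoded = urllib.parse.unquote(value).replace("\\", "/")
        if TRAVERSAL.search(decoded):
            return True
    return False


def find_traversal_hits(log_text: str) -> List[str]:
    """Return the client IPs of traversal attempts found in a W3C-style log.
    Assumed field order: date time c-ip cs-method cs-uri-stem cs-uri-query
    sc-status (the '#Fields:' directive line documents it)."""
    hits: List[str] = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 7:
            continue
        c_ip, uri_stem, uri_query = fields[2], fields[4], fields[5]
        if is_traversal_request(uri_stem, uri_query):
            hits.append(c_ip)
    return hits


# Constructed log lines, not a real capture. '/samples/code.asp' is a
# hypothetical location for the script. Line 2 is the plain payload from the
# advisory, line 3 the same thing double-encoded, line 4 uses backslashes.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
1999-05-07 10:14:03 10.0.0.7 GET /samples/code.asp source=main.asp 200
1999-05-07 10:14:09 10.0.0.7 GET /samples/code.asp source=../../../../../../boot.ini 200
1999-05-07 10:15:22 192.0.2.44 GET /samples/code.asp source=%252e%252e%252f%252e%252e%252fboot.ini 200
1999-05-07 10:16:01 10.0.0.9 GET /samples/code.asp source=..%5c..%5cboot.ini 200
1999-05-07 10:16:40 10.0.0.9 GET /default.asp - 200
"""

if __name__ == "__main__":
    payload = "../../../../../../boot.ini"
    print("vulnerable:", posixpath.normpath(vulnerable_resolve(payload)))
    print("hardened:  ", safe_resolve(payload))
    print("hits:      ", find_traversal_hits(SAMPLE_LOG))
```

The prefix check is done on the canonicalised path rather than on the raw input because rejecting the literal string ".." is exactly the kind of filter that encoded and backslash variants get past; the log scanner decodes twice and folds backslashes for the same reason.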

References:

Vendor URL: http://www.microsoft.com/
Related OSVDB ID: 7
Related OSVDB ID: 474
Related OSVDB ID: 782
Other Advisory URL: http://www.atstake.com/research/advisories/1999/showcode.txt
Microsoft Security Bulletin: MS99-013
Microsoft Knowledge Base Article: 232449
ISS X-Force ID: 3269
CVE: CVE-1999-0738
CIAC Advisory: K-068