Microsoft IIS / Site Server showcode.asp source Variable Traversal Arbitrary File Access

1999-05-07T00:00:00
ID OSVDB:7
Type osvdb
Reporter Parcens()
Modified 1999-05-07T00:00:00

Description

Vulnerability Description

Microsoft IIS and Site Server contain a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'showcode.asp' script not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the 'source' variable.

Solution Description

Microsoft has released a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove the /IISSamples virtual directory when not needed. As a general rule, do not install sample scripts or sample applications on a production server.

Short Description

Microsoft IIS and Site Server contain a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'showcode.asp' script not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the 'source' variable.

Manual Testing Notes

http://[victim]/pathto/showcode.asp?source=../../../../../../boot.ini
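The two defender-side pieces this record implies, added here as an example (not code from Microsoft, the advisory, or OSVDB): the root-confinement check that the 'source' parameter lacked, and a scan of IIS log lines that flags requests whose 'source' resolves outside the samples root. It assumes /IISSamples as the directory showcode.asp may serve from and a constructed W3C log field layout; the log entries and addresses are made up.

```python
import posixpath
from urllib.parse import parse_qs

# Assumed virtual-directory root that showcode.asp is meant to serve from
# (the record names /IISSamples; the exact layout varies per install).
SAMPLES_ROOT = "/IISSamples"


def resolve_source(root, source):
    """Map a 'source' value onto root and return the normalized path, or
    None when the result escapes root. Backslashes count as separators
    (IIS runs on Windows) and '..' segments are collapsed before the
    prefix check, so '../../boot.ini' cannot slip past a naive filter."""
    candidate = posixpath.normpath(posixpath.join(root, source.replace("\\", "/")))
    if candidate == root or candidate.startswith(root.rstrip("/") + "/"):
        return candidate
    return None


def flag_traversal_requests(log_lines, root=SAMPLES_ROOT):
    """Return (client_ip, source) for each showcode.asp request in W3C-style
    IIS log lines whose 'source' parameter resolves outside root."""
    hits = []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        # Field order matches the #Fields header of the constructed sample:
        # date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
        if len(fields) < 7:
            continue
        client_ip, uri_stem, query = fields[2], fields[4], fields[5]
        if not uri_stem.lower().endswith("/showcode.asp"):
            continue
        # ASP query-string lookups are case-insensitive, so fold the keys.
        params = {k.lower(): v for k, v in parse_qs("" if query == "-" else query).items()}
        for source in params.get("source", []):
            if resolve_source(root, source) is None:
                hits.append((client_ip, source))
    return hits


# Constructed sample log; the IPs and paths are not from the advisory.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
1999-05-07 10:01:02 10.0.0.5 GET /IISSamples/showcode.asp source=/IISSamples/sdk/asp/docs/codebrws.asp 200
1999-05-07 10:01:09 192.0.2.44 GET /IISSamples/showcode.asp source=../../../../../../boot.ini 200
1999-05-07 10:01:15 192.0.2.44 GET /IISSamples/showcode.asp source=..%5c..%5c..%5cwinnt%5cwin.ini 200
1999-05-07 10:02:00 10.0.0.5 GET /default.asp - 200""".splitlines()

if __name__ == "__main__":
    for ip, src in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: source={src}")
```

The same prefix check applied before opening the file is what closes the hole; the log scan is only useful for spotting attempts against servers where the sample directory still exists.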

References:

Vendor URL: http://www.microsoft.com/
Snort Signature ID: 1404
Snort Signature ID: 1034
Snort Signature ID: 1032
Snort Signature ID: 1036
Snort Signature ID: 1037
Snort Signature ID: 1033
Snort Signature ID: 1035
Related OSVDB ID: 474
Related OSVDB ID: 15749
Related OSVDB ID: 782
Other Advisory URL: http://www.atstake.com/research/advisories/1999/showcode.txt
Nessus Plugin ID: 10007
Microsoft Security Bulletin: MS99-013
Microsoft Knowledge Base Article: 232449
ISS X-Force ID: 2381
CVE-1999-0736
CIAC Advisory: k-068
Bugtraq ID: 0167