Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

guninski26.txt

🗓️ 31 Oct 2000 00:00:00Reported by Georgi GuninskiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 17 Views

IIS 5.0 vulnerability allows cross site scripting via .htw, affecting security with user content.

Code
`Georgi Guninski security advisory #26, 2000  
  
IIS 5.0 cross site scripting vulnerability - using .htw  
  
Systems affected:  
IIS 5.0/Windows 2000. Exploited with browser (IE,NC) but the problem is  
in the web server.  
  
Risk: Medium  
Date: 28 October 2000  
  
Legal Notice:  
This Advisory is Copyright (c) 2000 Georgi Guninski. You may distribute  
it unmodified. You may not modify it and distribute it or distribute  
parts of it without the author's written permission.  
  
Disclaimer:  
The opinions expressed in this advisory and program are my own and not  
of any company.  
The usual standard disclaimer applies, especially the fact that Georgi  
Guninski  
is not liable for any damages caused by direct or indirect use of the  
information or functionality provided by this advisory or program.  
Georgi Guninski, bears no responsibility for content or misuse of this  
advisory or program or any derivatives thereof.  
  
Description:  
  
Using specially designed URLs, IIS 5.0 may return user specified content  
to the browser.  
This poses great security risk, especially if the browser is JavaScript  
enabled and the problem is greater in IE.  
By clicking on links, just visiting hostile web pages or opening HTML  
email the target IIS sever may return user defined malicous active  
content.  
This is a bug in IIS 5.0, but it affects end users and is exploited with  
a browser.  
A typical exploit scenario is stealing cookies which may contain  
sensitive information.  
  
  
Details:  
The following URL:  
----  
http://iis5server/null.htw?CiWebHitsFile=/default.htm&CiRestriction="<SCRIPT>alert(document.domain)</SCRIPT>"  
----  
(URL may be wrapped in mail clients)  
executes in the browser javascript provided by "iis5server" but defined  
by a (malicous) user.  
The URL may be used in a link or a script.  
If /default.htm does not exist another document must be specified.  
  
  
Workaround:  
Remove the .htw extension from application mappings.  
  
Vendor status:  
Microsoft was notified on 24 October.  
  
Regards,  
Georgi Guninski  
http://www.guninski.com  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Oct 2000 00:00Current
7.4High risk
Vulners AI Score7.4
iis 5.0 vulnerabilitycross site scriptinguser contentmedium riskgeorgi guninski advisory
17