CVE-2001-0986

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to 1 webinfo, 2 extendedfileinfo, 3 extendedwebinfo, or...

CVE-2001-0986

SQLQHit.asp is a sample component of Microsoft Index Server 2.0 that, when reachable via CiScope values webinfo/extended_fileinfo/extended_webinfo/fileinfo, can disclose directories and file paths on the server. The vulnerability stems from a design/implementation flaw in the SQLQHit CGI that all...

Microsoft Windows Index Server discloses sensitive configuration information via crafted request to SQLQHit.asp sample application

Overview Microsoft Windows Index Server ships with an optional sample package. A component of this package, SQLQHit.asp, can disclose sensitive information when sent crafted requests. Description The Microsoft Windows Index Server ships with optional sample files. While these files should never b...

Security Vulnerability with Microsoft Index Server 2.0(Sample fil e reveals file info, physical path etc)

Hi I noticed index server sample file is vulnerable which reveals file info and physical path. Vulnerable Microsoft Index Server 2.0 + IIS 4.0 + Windows NT Server 4.0 + Service Pack 6a Details The Index Server Sample file SQLQHit.asp shipped with Microsoft Index Server 2.0 and Option pack 4.0 , i...

CVE-2001-0986

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to 1 webinfo, 2 extendedfileinfo, 3 extendedwebinfo, or...