Pouya daneshmand whh_iran[AT]yahoo[DOT]com http://securitylab.ir/blog
This vulnerability lets you bypass some security filters: for example, a file with a “.jpg” or “.rar” extension can be executed as an ASP (Active Server Pages) file.
It works only for ASP files, and it works on Windows 2003 / IIS 6 (as I tested...). The test failed on IIS 5.1 and IIS 7.
1) Create a folder with an '.asp' extension.
2) Insert your ASP code in a file with any extension (like .jpg, .rar, .txt) in the folder you have created.
3) Open the file with your browser and you will see it is executed as an ASP file!
The extension of the file does not matter at all!
There is no patch to fix this security vulnerability yet; the best thing I can say is to DISABLE ASP FILES FROM YOUR "web server extensions", or remove the “execute” permission from the upload directories.
This vulnerability was first reported on 2010-06-19 in Persian (http://sebug.net/vulndb/19820/).
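Because the condition described above depends on a folder name rather than a file name, an extension filter on uploaded files does not cover it. The following is an added example, not part of the original advisory: a Python sketch that rejects upload destinations and user-chosen folder names ending in '.asp', and audits an existing web root for files sitting under such folders. All function names and the sample tree are hypothetical and constructed for illustration; flagging nested subfolders as well is a conservative assumption.

```python
import os
import tempfile

SUFFIX = ".asp"  # folder-name suffix the advisory reports as affected on IIS 6


def asp_dir_components(path):
    """Return the directory components of a file path that end in .asp."""
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    # The last component is the file itself; only its parent folders matter here.
    return [p for p in parts[:-1] if p.lower().endswith(SUFFIX)]


def is_safe_upload_path(path):
    """Reject a destination whose parent folders include an .asp-named one."""
    return not asp_dir_components(path)


def is_safe_folder_name(name):
    """Reject a user-supplied folder name that ends in .asp."""
    return not name.strip().lower().endswith(SUFFIX)


def find_exposed_files(web_root):
    """List (folder, file) for every file at or below an .asp-named folder."""
    hits = []
    for current, _dirs, files in os.walk(web_root):
        rel = os.path.relpath(current, web_root)
        comps = [] if rel == "." else rel.split(os.sep)
        if any(c.lower().endswith(SUFFIX) for c in comps):
            hits.extend((rel.replace(os.sep, "/"), f) for f in sorted(files))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout: one ordinary folder, one .asp-named folder."""
    for folder, name in (("uploads/photos", "a.jpg"), ("uploads/x.ASP", "b.jpg")):
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "w") as fh:
            fh.write("constructed sample content\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for folder, name in find_exposed_files(root):
            print("review:", folder, name)
```

Run the audit against the site's content directory and treat every reported folder as a candidate for renaming or for removal of the “execute” permission, as the advisory recommends for upload directories.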