Microsoft IIS protection bypass

2009-12-29T00:00:00
ID SECURITYVULNS:VULN:10491
Type securityvulns
Reporter BUGTRAQ
Modified 2009-12-29T00:00:00

Description

It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file.