Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Компрометация сервера через URL (URL javascript)
updated since 22.08.2000
Published: 04.11.2000
Source: NTBUGTRAQ
SecurityVulns ID: 462
Type: client
Level: 5/10
Описание: В URL специального вида можно включить javascript, который будет передан атакуемым сервером клиенту. Таким образом можно в контексте клдиента получить доступ к атакуемому серверу.

Affected: MICROSOFT : Internet Information Server 4.0
Critical Path
MICROSOFT : Internet Information Server 5.0

Original document MICROSOFT, Security Bulletin (MS00-060) Re-release (04.11.2000)

MICROSOFT, Security Bulletin (MS00-060) (26.08.2000)

Jeffrey W. Baker, Accounts easily compromised on Critical Path web mail service, CP does not respond after 30 days. (22.08.2000)

Georgi Guninski, IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll (22.08.2000)

Files: IIS 4.0 URL script injection patch
IIS 5.0 URL script injection patch
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod