Microsoft IIS authentication bypass - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Microsoft IIS authentication bypass
Published: 07.07.2010
Source: BUGTRAQ
SecurityVulns ID: 10972
Type: remote
Level: 6/10
Description: It's possible to access restricted directory by using request like “http://victim.com/SecretFolder:$I30:$Index_Allocation/

Affected: MICROSOFT : Windows 2000 Server

Original document bugreport_(at)_itguard.info, IIS5.1 Directory Authentication Bypass by using “:$I30:$Index_Allocation” (07.07.2010)

Discuss: Read or add your comments to this news (0 comments)