Дырка в IIS (File Request Parsing)

2000-12-0200:00:00

MICROSOFT

vulners.com

При разборе имени запрашиваемого CGI, можно выполнить приложение (.bat или .cmd) за счет исопльзования специальных метасимволов.

CPENameOperatorVersion
internet information servereq5.0
internet information servereq4.0

CPE	Name	Operator	Version
	internet information server	eq	5.0
	internet information server	eq	4.0

References

vulners.com/securityvulns/securityvulns:doc:1007

vulners.com/securityvulns/securityvulns:doc:888

vulners.com/securityvulns/securityvulns:doc:889

vulners.com/securityvulns/securityvulns:doc:913

vulners.com/securityvulns/securityvulns:doc:956

vulners.com/securityvulns/securityvulns:doc:973

vulners.com/securityvulns/securityvulns:doc:984

vulners.com/securityvulns/securityvulns:doc:985