IIS vulnerability check

zhaozj2021-02-11  195


[eyebrow pen] at 2001-1-14 12:27:53, posted in NT World

Translation: Coolfrog. Please correct, modify, and improve as needed.

Release date: 2000/11/3

Affected systems:
Windows NT 4.0 IIS 4.0 SP6 (vulnerable to attack)
Windows NT 5.0 IIS 5.0 (not easy to attack)

Description: There is a buffer overflow in the IIS (Internet Information Server) .asp file parsing mechanism, which can be used to gain SYSTEM-level access. This is a local vulnerability, not a remote one (although we explain later how it might be made to work remotely). You need to create a crafted .asp file that overflows a buffer in inetinfo.exe when IIS parses it, allowing you to control the local server with SYSTEM privileges.

So, who does this affect? Any web hosting company or Internet service provider that runs multiple customers' sites on NT4 IIS4 web servers. In essence, any customer (or an attacker who can update a website) can upload a new default.asp or anything.asp, which then executes code as SYSTEM and gives them complete control of your server. They can do anything to the other customer sites on that server, and they can install a sniffer or crack passwords to extend their reach into your network.

Hence a fitting headline would be "$19.95 ...": anyone who has $20 can compromise a web hosting company or Internet service provider running NT4 IIS4. Just buy an account at the web hosting company, upload your evil.asp, and use IE to request it, for example http://www.badguy.com/evil.asp, and the server will run your code.

Here is an example of an inetinfo.exe overflow on NT4 IIS4:

---- Start-cut-of-example.asp ----