Updated July 2, 1998
This Is A REAL Howler...
Major New Security Bug Hits Microsoft Internet Information Server
WANT TO CATCH Microsoft with it's pants down in a seriously embarrassing way?
If you add ::$DATA to the URL, and if Microsoft hasn't fixed the problem yet, you'll be prompted to save a file to your hard drive.
Now open that file in a text editor such as Windows Notepad, and you'll be greeted with a sight that's interesting (or alarming if you're Microsoft).
There for all the world to see is a bunch of Active Server Page (ASP) scripting like the following:
Normally this ASP scripting is entirely hidden from public view, and with good reason. According to Bob Minor, owner of CyberMill, an internet service provider in St. Louis, revealing this sort of scripting creates a major security hole on the system in question.
"With knowledge of how the scripts are set up, someone can send commands to the server and potentially wreck all sorts of havoc," said Minor.
"This is easy and grotesque. It's really disturbing."
MICROSOFT WINDOWS NT Security Product Manager Karan Khanna has acknowledged to BugNet that there is a security hole in Microsoft Internet Information Server (IIS) versions 3 and 4.
If you specify a page on a server running IIS, and append ::$DATA to the URL, you will be given access to ASP scripting information.
And that's not all. The ::$DATA trick also reveals Perl scripting, CGI-bin scripting, and even online database scripting of products like WebCat.
Khanna told BugNet that fixes for the problem in both IIS 3 and IIS 4 will be posted to http://www.microsoft.com/security by the end of today, July 2.
Microsoft will also post work arounds for both version of IIS to the same page.
-- Bruce Brown
© BugNet material copyright 1994-1999 by BugNet.
This historic replica of BugNet from the period 1994-1999
BF Communications Inc.
Website by Running Dog