Microsoft IIS 5.0 – IDC Extension Cross-Site Scripting

Microsoft IIS 5.0 – IDC Extension Cross-Site Scripting

漏洞ID 1053625 漏洞类型
发布时间 2002-10-05 更新时间 2002-10-05
图片[1]-Microsoft IIS 5.0 – IDC Extension Cross-Site Scripting-安全小百科CVE编号 N/A
图片[2]-Microsoft IIS 5.0 – IDC Extension Cross-Site Scripting-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/21910
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/5900/info

A vulnerability in Microsoft Internet Information Server (IIS) may make cross-site scripting attacks possible.

When IIS receives a request for an .idc file, the server typically returns a 404 message when the page does not exist. However, when a request containing a long URL and ending in the .idc extension is received by IIS, the entire contents of the URL are returned on the error page without the sanitizing of input. This could result in the execution of arbitrary script code. 

http://www.example.com/<long_buffer><script_to_execute>.idc

相关推荐: Samba Samba Web Administration Tool (SWAT)漏洞

Samba Samba Web Administration Tool (SWAT)漏洞 漏洞ID 1206141 漏洞类型 未知 发布时间 2000-12-19 更新时间 2000-12-19 CVE编号 CVE-2000-0938 CNNVD-ID CNN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享