IIS Sample Internet Data Query (IDQ)信息泄漏漏洞

IIS Sample Internet Data Query (IDQ)信息泄漏漏洞

漏洞ID 1105698 漏洞类型 未知
发布时间 2000-02-02 更新时间 2005-10-20
图片[1]-IIS Sample Internet Data Query (IDQ)信息泄漏漏洞-安全小百科CVE编号 CVE-2000-0126
图片[2]-IIS Sample Internet Data Query (IDQ)信息泄漏漏洞-安全小百科CNNVD-ID CNNVD-200001-058
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19742
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200001-058
|漏洞详情
IIS3和IIS4中样板InternetDataQuery(IDQ)脚本存在漏洞。远程攻击者可以借助..(点点)攻击读取文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/968/info

A vulnerability in idq.dll can allow an attacker to gain read access to any file on the same logical drive as the web server virtual root. The attacker has to know the physical path and filename of the requested file, and the ACL for the file must specify read access for either the anonymous user or the Everyone or Guest group.

idq.dll will follow the '../' string in the specification of a template file. Any file can be specified as the template file. Although some IDQ files append the '.htx' extension to the user's input, it is possible to circumvent this by appending several spaces to the end of the requested filename, eg: 'desiredfile.txt%20%20%20...%20%20.htx'. What this will do is provide the '.htx' so the system thinks it is a valid template file, but when it retrieves the file the '.htx' string is pushed out of the buffer, the spaces are ignored, and the desired file is returned.

The webhits.dll patch (Microsoft Security Bulletin MS00-006, at http://www.securityfocus.com/templates/advisory.html?id=2060, and Bugtraq ID 950, at http://www.securityfocus.com/bid/950)may in some cases affect the nature of this vulnerability. If this patch has been applied, IDQ files will only be vulnerable if they do not append the .htx extension. 

http ://target/query.idq?CiTemplate=../../../somefile.ext
|参考资料
VulnerablesoftwareandversionsConfiguration1OR*cpe:/a:microsoft:internet_information_server:3.0*cpe:/a:microsoft:internet_information_server:4.0*DenotesVulnerableSoftware*ChangesrelatedtovulnerabilityconfigurationsTechnicalDetailsVulnerabilityType(ViewAll)CVEStandardVulnerabilityEntry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0126

相关推荐: Linux kernel pcilynx ieee1394 firewire驱动程序(pcilynx.c)未知影响和攻击向量漏洞

Linux kernel pcilynx ieee1394 firewire驱动程序(pcilynx.c)未知影响和攻击向量漏洞 漏洞ID 1203295 漏洞类型 未知 发布时间 2002-12-31 更新时间 2002-12-31 CVE编号 CVE-20…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享