Yup, you read it right... Microsoft has a new vulnerability in IIS 6.0, more specifically a WebDAV Unicode remote authentication bypass.
This means that an attacker can send malformed requests to the web server through the URL and bypass password protection to list and download files in the web server's protected folders.
A simple and easy way to hack IIS! Here are the details and links:
http://www.cgisecurity.com/2009/05/iis60-webdav-unicode-remote-auth-bypass.html
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
http://www.theregister.co.uk/2009/05/18/iis6_file_pilfering_bug/
Happy Hacking :)

United Arab Emirate's site for security news, latest security blog posts, security podcasts, hardware hacks and security related links.
Tuesday, May 19, 2009
Unicode on IIS Vulnerability...Again!