Yup, you read it right... Microsoft IIS 6.0 has a new vulnerability, specifically a WebDAV Unicode remote authentication bypass.
This means that an attacker can send malformed requests to the web server through the URL in a browser and bypass password protection to list and download files in the web server's protected folders.
Simple and easy way to hack IIS! Here are the details and links:
http://www.cgisecurity.com/2009/05/iis60-webdav-unicode-remote-auth-bypass.html
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
http://www.theregister.co.uk/2009/05/18/iis6_file_pilfering_bug/
Happy Hacking :)
United Arab Emirates' site for security news, latest security blog posts, security podcasts, hardware hacks and security-related links.
Tuesday, May 19, 2009
Unicode on IIS Vulnerability...Again!
Labels: bypass, Exploit, findings, hacking, IIS 6.0, list files, passwords, protected folders, Vulnerability, WebDav