Yup, you read it right.... Microsoft has a new vulnerability in IIS 6.0 which is more specifically: WebDav Unicode Remote Auth Bypass.
This means that an attacker can send malformed requests to the web server via the URL of a browser and be able to bypass passwords to download and list files on the webserver's protected folders.
Simple and easy way to hack IIS! Here are the details and links:
http://www.cgisecurity.com/2009/05/iis60-webdav-unicode-remote-auth-bypass.html
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
http://www.theregister.co.uk/2009/05/18/iis6_file_pilfering_bug/
Happy Hacking :)
Subscribe to:
Post Comments (Atom)
Subscribe to RSS Feed
Posts
Comments
NEWS FEEDS:
SecurityStreet:
PandaLabs Blog
Webroot Threat Blog
Daily Infosec News
HITBSecNews
Naked Security - Sophos
Taddong
Zone-H.org News
CGISecurity
ArsTechnica:
HACK A DAY
Help Net Sec
The Spanner
Middle East Technology News
CRIME
Selil Blog
HACKING IN THE NEWS
Special Defacements
The Certified Geek
DoS Files ≈ Packet Storm
E Hacking News
Banned in UAE:
News ≈ Packet Storm
DARKNET
MySecured.com
No comments:
Post a Comment