From: ben.moeckel at (
Subject: [bWM#013] IIS (patched) may execute any file in a ".asp"-directory (bad behavior)

badWebMasters security advisory #013 

IIS (patched) may execute any file in a ".asp"-directory (bad behavior) 

Discovery date: 2003-05-17 
ben moeckel (
When a directory is named like an asp-file the asp engine will parse any
file in it, no matter what extension the file has.

This may be dangerous when users are able to create directories and
upload images into them: a malicious user could upload an ASP script with
the extension of an image and run it on the server.

Create the directory "test.asp" in your webroot and place the following
file in it:

-- exploit.gif ------------------------------------

	Hello world, I'm an image!

Open http://localhost/test.asp/exploit.gif in your browser and you
should read the message.
Live sample: 
Microsoft has been contacted 06-16-03 via the webform about this bug. 
References: "Verschickter IIS..." (german)

Path Parsing Errata in Apache
Comments, suggestions, updates, anything else?
Source: (text/html) 

badWebMasters - ben moeckel security research
copyright 2k1-3 by Benjamin Klimmek / Germany
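
A defensive check for the behaviour described in this advisory, added here as an example and not part of the original advisory: Python that flags upload paths passing through a directory named like an ASP file, and audits a webroot for non-script files already sitting below such a directory. The function names and the sample tree are constructed for illustration; only the `.asp` extension comes from the advisory.

```python
import os
import tempfile

# Extension named in the advisory. Extending this tuple to other script
# mappings is an assumption you would need to verify on your own server.
SCRIPT_EXTS = (".asp",)

def script_like_segments(rel_path, exts=SCRIPT_EXTS):
    """Return the directory segments of rel_path that are named like a script file."""
    parts = [p for p in rel_path.replace("\\", "/").split("/") if p]
    # Windows drops trailing dots and spaces from names, so compare without them.
    return [p for p in parts[:-1] if p.rstrip(". ").lower().endswith(exts)]

def in_script_named_dir(rel_path, exts=SCRIPT_EXTS):
    """True if the file would land below a directory such as 'test.asp'.
    The file's own extension must still be validated separately."""
    return bool(script_like_segments(rel_path, exts))

def audit_webroot(webroot, exts=SCRIPT_EXTS):
    """List (directory, file) pairs: non-script files below a script-named directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        # Append a dummy leaf so every segment of rel is treated as a directory.
        if not script_like_segments(rel + "/x", exts):
            continue
        for name in files:
            if not name.lower().endswith(exts):
                findings.append((rel, name))
    return sorted(findings)

def demo():
    """Build a constructed webroot mirroring the advisory's layout and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("test.asp", "images", "Gallery.ASP/thumbs"):
            os.makedirs(os.path.join(root, d))
        for f in ("test.asp/exploit.gif", "test.asp/index.asp",
                  "images/logo.gif", "Gallery.ASP/thumbs/a.jpg"):
            with open(os.path.join(root, f), "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)

if __name__ == "__main__":
    for directory, name in demo():
        print(f"{directory}/{name}")
```

Call `in_script_named_dir` on the normalised destination path before creating a user-supplied directory or accepting an upload, and run `audit_webroot` against existing content to find files that are already exposed.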
