| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: July patches |
From: "Geo"
"Mike N." wrote in message
news:7qacb2dk09mmsk16b96i7t651ig8vr1q4f{at}4ax.com...
> This is the first report of a remote IIS exploit in a very long time.
It
> would allow a mass IIS worm. Difficult to write, but not impossible with
> default configurations.
In php or cold fusion or heck even in dot net it would be considered a feature...
Also, note how Rich said you have to be allowed to upload an asp page, well
that's not completely correct. A web forum could possibly be used to post
such a malformed page. Depending on how the site works, anything that
allows a web visitor to post unchecked text and then view that text as a
web page could possibly be used to exploit this if they can get the server
to interpret that text.
I don't believe it could be used to generate a worm though, the base of IIS
servers that allow anonymous posting of unchecked content is imo far too
small to support a worm. However it could be used to compromise any of the
large hosting outfits that allow site owners to upload asp pages so it is
an important patch.
Geo.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.