Saturday, May 16, 2009

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass

This vulnerability allows remote attackers to bypass access restrictions on vulnerable installations of Internet Information Server 6.0.

The specific flaw exists within the WebDAV functionality of IIS 6.0. The web server fails to properly handle Unicode tokens when parsing the URI and sending back data. Exploitation of this issue can result in the following:

Authentication bypass of password protected folders
Listing, downloading and uploading of files into a password protected WebDAV folder
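
A defensive check related to the URI-parsing flaw described above, as an added example that is not part of the original post or of any vendor tooling: it screens WebDAV request lines and flags paths whose percent-decoded bytes are not strictly valid UTF-8, or are valid but non-ASCII. The method list, function names and sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Methods a WebDAV client uses (RFC 4918 verbs plus the plain HTTP file verbs).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK",
                  "UNLOCK", "GET", "PUT", "DELETE", "OPTIONS"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")

# Constructed sample request lines (not taken from a real log or exploit).
SAMPLE_LINES = [
    "PROPFIND /share/reports/ HTTP/1.1",          # plain ASCII path
    "GET /share/r%C3%A9sum%C3%A9.doc HTTP/1.1",   # well-formed UTF-8 name
    "PROPFIND /share%c0%afreports/ HTTP/1.1",     # overlong (invalid) sequence
    "PUT /share/%e2%82 HTTP/1.1",                 # truncated multi-byte sequence
    "POST /login HTTP/1.1",                       # not a WebDAV file operation
]


def classify_path(target):
    """Classify the path of a request-target as ok / non-ascii / invalid-utf8."""
    path = target.split("?", 1)[0]          # ignore the query string
    raw = unquote_to_bytes(path)            # percent-decode to raw bytes
    try:
        raw.decode("utf-8")                 # strict: rejects overlong/truncated forms
    except UnicodeDecodeError:
        return "invalid-utf8"
    if any(b > 0x7F for b in raw):
        return "non-ascii"                  # legitimate but worth reviewing
    return "ok"


def scan(lines):
    """Return (line, verdict) for WebDAV requests whose path is not plain ASCII."""
    findings = []
    for line in lines:
        m = REQUEST_LINE.match(line.strip())
        if not m:
            findings.append((line, "unparsed"))
            continue
        method, target = m.groups()
        if method not in WEBDAV_METHODS:
            continue
        verdict = classify_path(target)
        if verdict != "ok":
            findings.append((line, verdict))
    return findings


if __name__ == "__main__":
    for line, verdict in scan(SAMPLE_LINES):
        print(f"{verdict:13} {line}")
```

A "non-ascii" verdict alone is expected on servers that host internationalised file names; "invalid-utf8" on a request to a password-protected WebDAV folder is the case to investigate.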

-------------------------

Exploit - http://www.milw0rm.com/exploits/8704

More information can be found here.
