Soroush Dalili has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to potentially bypass certain security restrictions and compromise a vulnerable system.
The vulnerability is caused by the web server incorrectly executing code (e.g. ASP) contained in a file whose name has multiple extensions separated by ";", with only one internal extension equal to ".asp" (e.g. "file.asp;.jpg"). This can be exploited to potentially upload and execute arbitrary ASP code via a third-party application that relies on file extensions to restrict uploaded file types.
Original Advisory PDF
Works successfully on IIS 6 and prior versions; IIS 7 has not been tested yet; does not work on IIS 7.5.
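An upload handler that checks only the last extension accepts a name such as "file.asp;.jpg". The following added example (not part of the original advisory; the allow-list, function names and sample file names are assumptions made for illustration) contrasts that check with a stricter one that admits exactly one allow-listed extension and stores the file under a server-generated name.

```python
import os
import re
import uuid

# Assumed allow-list for an image upload feature (not from the advisory).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}

# Exactly one dot: a base of letters, digits, "_" or "-", then one extension.
# ";" and any further "." or path separator make the name fail to match.
SINGLE_EXTENSION = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)")


def naive_is_allowed(filename):
    """Last-extension check of the kind the advisory says can be bypassed."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def strict_is_allowed(filename):
    """Accept only 'name.ext' where the single extension is allow-listed."""
    match = SINGLE_EXTENSION.fullmatch(filename)
    return bool(match) and match.group(1).lower() in ALLOWED_EXTENSIONS


def stored_name(filename):
    """Return a server-generated name for an accepted upload, else None.

    The client-supplied base name is discarded, so nothing the uploader
    typed before the extension reaches the file system.
    """
    match = SINGLE_EXTENSION.fullmatch(filename)
    if not match or match.group(1).lower() not in ALLOWED_EXTENSIONS:
        return None
    return uuid.uuid4().hex + match.group(1).lower()


if __name__ == "__main__":
    # Constructed sample names; the second is the pattern from the advisory.
    for name in ["photo.JPG", "file.asp;.jpg", "a.asp.jpg", "notes.txt"]:
        print(f"{name!r:18} naive={naive_is_allowed(name)!s:5} "
              f"strict={strict_is_allowed(name)!s:5} "
              f"stored={stored_name(name)}")
```

Keeping the upload directory free of script execution permissions in IIS remains a separate control that does not depend on file name parsing.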