Sunday, December 27, 2009

Microsoft IIS ASP Multiple Extensions Security Bypass

Soroush Dalili has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to potentially bypass certain security restrictions and compromise a vulnerable system.

The vulnerability is caused due to the web server incorrectly executing e.g. ASP code included in a file having multiple extensions separated by ";", only one internal extension being equal to ".asp" (e.g. "file.asp;.jpg"). This can be exploited to potentially upload and execute arbitrary ASP code via a third-party application using file extensions to restrict uploaded file types.


Original Advisory PDF
Work successfully on IIS 6 and prior versions – IIS7 has not been tested yet – does not work on IIS7.5

No comments:

Post a Comment