site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > [MS DENIAL] Microsoft IIS 0-Day Vulnerability Parsing Files

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

reply to Smokey Bear

Re: [CONFIRMED] Microsoft IIS 0-Day Vulnerability Parsing Files

said by Microsoft :

The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.
Put another way: If an IIS web server allows you to upload and execute scripts on that server, you don't need to fool with semicolons or extensions - you can just upload and execute stuff directly.

Right?
to forum · permalink · 2009-12-29 17:12:41 ·
Forums > Broadband Tech > Security > Security

Saturday, 02-Jun 03:56:01 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics