Nessus Plugin #10765

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

SQLQHit Directory Structure Disclosure

Family:
CGI abuses
Category:
infos
Copyright:
This script is Copyright (C) 2001 SecuriTeam
Summary:
SQLQHit Directory Stracture Disclosure
Version:
$Revision: 1.17 $
Cve_id:
CAN-2001-0986
Bugtraq_id:
3339
Xrefs:
-
Description:

The Sample SQL Query CGI is present.
The sample allows anyone to structure a certain query that would retrieve
the content of directories present on the local server.

Solution: Use Microsoft's Secure IIS Guide (For IIS 4.0 or IIS 5.0 respectively) or
Microsoft's IIS Lockdown tool to remove IIS samples.

Risk factor : Medium

Additional information:
http://www.securiteam.com/tools/5QP0N1F55Q.html (IIS Lookdown)
http://www.securiteam.com/windowsntfocus/5HP05150AQ.html (Secure IIS 4.0)
http://www.securiteam.com/windowsntfocus/5RP0D1F4AU.html (Secure IIS 5.0)
Generiert am 27.04.2005 um 18:49:54 Uhr.