[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?
From: steve.povolny@xxxxxx
Date: 3 Sep 2010 16:53:06 -0000

There's not a lot in the way of information about IIS settings required to 
exploit this.  What I've gleaned so far is IIS 5.1, and a request to a 
directory using the :$i30:$INDEX_ALLOCATION in the request...Can't seem to 
replicate this though.  Are there any other settings that you are aware of for 
IIS?  Basic auth required?  I'd like to find a way to replicate this in our 
environment.  Thanks!

Prev by Date: VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
Next by Date: Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
Previous by thread: VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
Next by thread: Microsoft Internet explorer 8 DLL Hijacking (IESHIMS.DLL)
Index(es):
- Date
- Thread