[Snort-sigs] Snortdb (Rule: WEB-IIS .asp$data access)
mdessus at ...324...
Sat Jan 26 16:49:02 EST 2002
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others. References in the rules themselves
# should be used for linking to other's work.
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
Rule: WEB-IIS .asp$data access
Summary: Attempt to access the source of an ASP (or other scripting
language) hosted on an IIS web server using Windows alternate data
Impact: An attacker may have access to the source of scripted
applications of your webserver.
Detailed Information: On an NTFS file system, a file may have multiple
data streams. By requesting access to a file, but specifying the data
stream on IIS 3, 4 or some other Windows-based web server, the server
will return the data of the file instead of processing this data.
It may be possible to access sensitive information, like internal
Attack Scenarios: An attacker adds "::$DATA" at the end of an asp or
other script url.
Ease of Attack: Very easy: you just have to paste "::$DATA" to the end
of a URL.
Corrective Action: Apply Microsoft patch.
PS: This is bugtraq number 149, not 140!
Linux, it's free but that's no big deal!
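
An added example, not part of the original post or of Snort: a log check for the request pattern described above, which also catches the percent-encoded spellings a plain "::$DATA" string match would miss. The log format, the sample lines, and the three-round decoding limit are assumptions.

```python
import re
from urllib.parse import unquote

# Request line as it appears in Common Log Format style access logs (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')
# The stream suffix named in the post, matched in any letter case.
ADS_SUFFIX = re.compile(r"::\$data", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding


def normalize_path(uri):
    """Drop the query string and undo percent-encoding, including nested encoding."""
    path = uri.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_stream_requests(lines):
    """Return (line number, method, decoded path) for each ::$DATA request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        path = normalize_path(match.group("uri"))
        if ADS_SUFFIX.search(path):
            hits.append((number, match.group("method"), path))
    return hits


# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jan/2002:16:40:01 -0500] "GET /default.asp HTTP/1.0" 200 1532',
    '192.0.2.44 - - [26/Jan/2002:16:41:17 -0500] "GET /default.asp::$DATA HTTP/1.0" 200 4096',
    '192.0.2.44 - - [26/Jan/2002:16:41:20 -0500] "GET /scripts/login.asp%3A%3A%24data HTTP/1.0" 200 2210',
    '192.0.2.44 - - [26/Jan/2002:16:41:25 -0500] "GET /shop/cart.asp%253a%253a%2524DATA HTTP/1.0" 404 310',
    '192.0.2.71 - - [26/Jan/2002:16:45:02 -0500] "GET /search.asp?q=::$DATA HTTP/1.0" 200 880',
]

if __name__ == "__main__":
    for hit in find_stream_requests(SAMPLE_LOG):
        print(hit)
```

Only the path is inspected, so the last sample line, where the string appears in the query, is not reported.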