Sharovatov’s Weblog

critical IIS vulnerability

Posted in security, web-development by sharovatov on 29 December 2009

Just got a link from our system administratorhttp://securityvulns.ru/Wdocument993.html 

Go read the vulnerability description now!

Basically – if your users upload files to your site and THEY specify file names, you’re vulnerable:

#Vulnerability/Risk Description:
– IIS can execute any extension as an Active Server Page or any other executable extension.
For instance “malicious.asp;.jpg” is executed as an ASP file on the server. Many file
uploaders protect the system by checking only the last section of the filename as its
extension. And by using this vulnerability, an attacker can bypass this protection and upload a dangerous executable file on the server.

There’s an unchecked patch for this vulnerability, but again this shows that you just can’t allow any user input saved to your system without filtering.

So, if you allow file uploads – your script have to specify filenames, not users.


Share :

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: