Hello all,

I have my first project to evaluate a web site's vulnerabilities, so your help is appreciated.

OK, so I ran a CGI scan; here is what I got, and all are open!

/iishelp/iis/misc/iirturnh.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/scripts/samples/search/qfullhit.htw
/scripts/samples/search/qsumrhit.htw
/null.ida
/null.idq
/iisadmin/
/_vti_bin/shtml.dll/_vti_rpc
/abczxv.htw
/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1
/msadc/msadcs.dll
/_vti_bin/shtml.dll/nosuch.htm
/_vti_bin/shtml.dll HTTP/1.0
/_vti_bin/shtml.exe HTTP/1.0

I was happy at first and then not.

I can go to all ASP in: www.website.com/iisadmin/anything_here.asp

But I see them as a form, I can't do anything else.

I even used their www.website.com/iishelp online while I am working to find vulnerabilities in their site!!

I went to www.netcraft.net and found they are on IIS 5.0.

When I go to www.website.com/iishelp

I found it's the documentation of (Internet Information Services 5.0)

BUT when I go to: www.website.com/iisadmin/iabout.asp

I found that they are on IIS 4.0!

OK, so I brought a server, I went to the /iisadmin directory and started to test every ASP there, then tried to test it on my client's web site and ALL WORKED.

I mean http://www.website.com/iisadmin/you_...thing_here.asp

I said to myself, maybe they have updated to IIS 5.0 but they still have the /iisadmin of the older version, IIS 4.0.

I used netcat and found they are using IIS 5.0
and also Simple, Secure Web Server 1.1

and I am thinking of using Achilles Proxy server man-in-the-middle-

My questions to all you experts are:

1. Can I gain ROOT from www.website.com/iishelp?
2. Can I gain ROOT from www.website.com/iisadmin?
3. Why are published exploits not working on every directory shown in the CGI scanner, but I can still view all of them, including /_vti_bin/, /iisadmin, etc.?
4. I used netcat and found they are using IIS 5.0 and also Simple, Secure Web Server 1.1, and I am thinking of using Achilles Proxy server for a man-in-the-middle attack, so my question is: can Achilles help at all here?
5. At this stage, can I do anything at all??!

(I am in their IIS admin wizard now at www.website.com/iisadmin/iiwizsec.asp and just staring at the page!)

I really appreciate your help since this is my first project.

Thank you in advance.