Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server Vendors:   Microsoft
Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
SecurityTracker Alert ID:  1002733
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 13 2001
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): IIS 4.0
Description: reported an information disclosure vulnerability in Microsoft IIS 4.0 web server using ASP pages when not properly configured. The server may disclose physical path information to remote users.

It is reported that, if not properly configured to turn off ODBC error logging, the server may return the physical path of the directory in response to certain default.asp URL requests.

A demonstration exploit transcript is provided in the Source Message.

Impact:   A remote user may be able to obtain physical path information from the web server.
Solution:   It is reported that detailed ODBC error logging can be turned off to avoid disclosing this information.
Vendor URL: (Links to External Site)
Cause:   Configuration error
Underlying OS:  Windows (NT)

Message History:   None.

 Source Message Contents

Subject:  Weakness in default.asp [ Research]

Research by

This weakness was found on some IIS 4.0 servers
with the next characteristics or similar:

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/4.0
Date: Mon, 12 Nov 2001 19:24:52 GMT
Connection: Keep-Alive
Content-Length: 153
Content-Type: text/html
Cache-control: private

When you ask for a certain URL, it shows the real path of
the Web Site files in the server.
It can be exploited this way:

For example:

It will respond with the nexy data:

error '80020009'
Exception occurred.


As you can see, it reveals the real path of
the site directory.

The HTML code of the response:

function PopUp(destino)
        var ventana =, "_blank", "left=0,top=0,width=790,height=520,toolbar=no,location=no,status=yes,menubar=no,resizable=yes,scrollbars=yes");
function sugerencias(d)
        var + "&title=" + document.title, '_blank', 'left=0,top=0,width=320,height=380,toolbar=no,location=no,status=yes,menubar=no,resizable=no,scrollbars=no')

function comentarios(d)
        var + "&title=" + document.title, '_blank', 'left=0,top=0,width=340,height=380,toolbar=no,location=no,status=yes,menubar=no,resizable=no,scrollbars=yes')
 <font face="Arial" size=2>error '80020009'</font>
<font face="Arial" size=2>Exception occurred.
<font face="Arial" size=2>D:\SITIOS_WEB\TECTIMES\NUEVO\SISTEMAMAS\../body.htm</font><font face="Arial" size=2>, line 74</font>

     I will keep on investigating this and send you some more
information as soon as I get it.
            Greetz from Argentina

KerozenE 1999-2001 c0oL!
Webmaster of
Moderator of HACKEMATE Security bulletin
Editor of the EZine HC&KTM


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC