| EDB-ID: 14179 | CVE: 2010-2731 | OSVDB-ID: 66160 |
| Author: Soroush Dalili | Published: 2010-07-02 | Verified:  |
Exploit Code:  |
Vulnerable App: N/A |
Rating |
|
MS10-065 - Directory Authentication Bypass Vulnerability Description: This vulnerability is because of using Alternate Data Stream to open a protected folder. All of IIS authentication methods can be circumvented. In this technique, we can add a “:$i30:$INDEX_ALLOCATION” to a directory name to bypass the authentication. Download: http://www.exploit-db.com/sploits/IIS5.1_Authentication_Bypass.pdf