Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting

EDB-ID:

21910

CVE:


EDB Verified:

Author:

Roberto

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2002-10-05

Vulnerable App: 
source: https://www.securityfocus.com/bid/5900/info

A vulnerability in Microsoft Internet Information Server (IIS) may make cross-site scripting attacks possible.

When IIS receives a request for an .idc file, the server typically returns a 404 message when the page does not exist. However, when a request containing a long URL and ending in the .idc extension is received by IIS, the entire contents of the URL are returned on the error page without the sanitizing of input. This could result in the execution of arbitrary script code. 

http://www.example.com/<long_buffer><script_to_execute>.idc
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services