IIS4 DoS and cross site scripting vulnerability
by phiber on March 29th, 2001
The iSecureLabs team has found 2 vulnerabilities in Microsoft IIS4: a cross site scripting (JavaScript) issue and a denial of service attack against a server running that version of Microsoft IIS.
Cross site scripting vulnerability example:
Requesting this crafted URL
http://server.com/foo/<script>alert('test')</script>.stm
executes the JavaScript code on your computer.
Denial of Service vulnerability example:
Requesting several times a .stm file whose name is 500 characters long
(http://server.com/foo/[a x 500].stm) crashes the IIS4 server.
Perhaps it is possible to use this vulnerability to execute arbitrary code.
iSecureLabs
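
A log check for the two request patterns described above, as an added example that is not part of the original post or of iSecureLabs' advisory. It assumes the server writes W3C extended logs with `c-ip` and `cs-uri-stem` fields; the sample log lines and the names `scan` and `repeat_offenders` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2001-03-29 10:00:01 10.0.0.5 GET /foo/index.stm 200",
    "2001-03-29 10:00:02 10.0.0.9 GET /foo/%3Cscript%3Ealert('test')%3C/script%3E.stm 404",
    "2001-03-29 10:00:03 10.0.0.7 GET /foo/" + "a" * 500 + ".stm 500",
    "2001-03-29 10:00:04 10.0.0.7 GET /foo/" + "a" * 500 + ".stm 500",
    "2001-03-29 10:00:05 10.0.0.5 GET /docs/readme.htm 200",
])

LONG_NAME = 500                 # file-name length quoted in the post; an assumption to tune
MARKUP = re.compile(r"[<>]")    # angle brackets have no business in a .stm path

def scan(log_text, long_name=LONG_NAME):
    """Return (client_ip, reason, decoded_path) for each suspicious .stm request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = unquote(row.get("cs-uri-stem", ""))   # decode %3C etc. before matching
        if not path.lower().endswith(".stm"):
            continue
        name = path.rsplit("/", 1)[-1][:-4]    # last path segment without ".stm"
        if MARKUP.search(path):
            hits.append((row.get("c-ip", "?"), "markup-in-path", path))
        elif len(name) >= long_name:
            hits.append((row.get("c-ip", "?"), "long-stm-name", path))
    return hits

def repeat_offenders(hits, reason="long-stm-name", min_count=2):
    """Clients that sent the long-name request several times, as the post describes."""
    counts = Counter(ip for ip, why, _ in hits if why == reason)
    return {ip: n for ip, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, why, path in found:
        print(ip, why, path[:60])
    print(repeat_offenders(found))
```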