Home » Hacking News » IIS4 DoS and cross site scripting vulnerability

IIS4 DoS and cross site scripting vulnerability

by phiber on March 29th, 2001 iSecureLabs team has found 2 vulnerabilites in Microsoft IIS4 regarding cross site scripting (javascript) and a denial of service attack against a server running the above stated version of Microsoft IIS.

Cross site scripting vulnerability example:

Using this crafted url

http://server.com/foo/<script>alert('test')</script>.stm

it will execute the JavaScript code on your computer.

Denial of Service vulnerability example:

By requesting several times a .stm file 500 char long
(http://server.com/foo/[a x 500].stm) the IIS4 server crash.
Perhaps it is possible to use this vulnerability to execute arbitrary code.

Download DoS exploit

iSecureLabs

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Our online shop
Top sellers
New Items
Books
Software

Xatrix.org © Copyright 2001-2016, Xatrix Security . All Rights Reserved
We worried for decades about WMDs – Weapons of Mass Destruction. Now it is time to worry about a new kind of WMDs – Weapons of Mass Disruption - John Mariotti

Users login

JOIN XATRIX

IIS4 DoS and cross site scripting vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact