Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerabil

Microsoft IIS 5.1 Frontpage Extensions Path Disclosure Information Vulnerabil

by Nikola Strahija on February 13th, 2002 An issue has been reported that a number of configuration files (.cnf) in Microsoft IIS 5.1, could be used to disclose sensitive system information to remote users.


Allegedly, submitting a request for one of the vulnerable files by way of '/_vti_pvt/', will cause the host to reveal system path information. The reported problematic files are 'access.cnf', 'botinfs.cnf', 'bots.cnf' and 'linkinfo.cnf'.

Microsoft has not confirmed the existence of these vulnerabilities.

Remote: Yes

Exploit: No exploit code is required.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »