|Category:||Web application abuses|
|Title:||SQLQHit Directory Structure Disclosure|
|Summary:||The Sample SQL Query CGI is present. ;The sample allows anyone to structure a certain query that would retrieve;the content of directories present on the local server.|
The Sample SQL Query CGI is present.
The sample allows anyone to structure a certain query that would retrieve
the content of directories present on the local server.
Use Microsoft's Secure IIS Guide (For IIS 4.0 or IIS 5.0 respectively) or
Microsoft's IIS Lockdown tool to remove IIS samples.
http://www.securiteam.com/tools/5QP0N1F55Q.html (IIS Lookdown)
http://www.securiteam.com/windowsntfocus/5HP05150AQ.html (Secure IIS 4.0)
http://www.securiteam.com/windowsntfocus/5RP0D1F4AU.html (Secure IIS 5.0)
BugTraq ID: 3339|
Common Vulnerability Exposure (CVE) ID: CVE-2001-0986
Bugtraq: 20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc) (Google Search)
XForce ISS Database: winnt-indexserver-sqlqhit-asp(7125)
|Copyright||This script is Copyright (C) 2001 SecuriTeam|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.