Reported January 8, 2001, by Georgi Guninski

VERSIONS AFFECTED
  • Microsoft Internet Information Server 5.0

DESCRIPTION

IIS 5.0 might reveal the contents of script files (such as Perl scripts) when particular characters are used within a URL.

DEMONSTRATION

The following URL will reveal the contents of the test.pl file. Note the "%3F+.htr" suffix appended to the URL:

http://localhost/scripts/test.pl%3F+.htr

In addition, it has been reported that the following variant works to expose script contents:

http://localhost/scripts/test.pl+.htr

VENDOR RESPONSE

Microsoft was informed of the problem on January 4, 2000, but the company has not provided a response at this time.

CREDIT
Discovered by Georgi Guninski