| VID |
22030 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The MS index server sample file, SQLQHit.asp is vulnerable which reveals file info and physical path. The SQLQHit.asp file shipped with Microsoft Index Server 2.0 and Option pack 4.0, is installed under the directory "/inetpub/iissamples/ISSamples/" by default. SQLQHit.asp file is used for SQL based Search, can be used by a malicious user to gather information about files in virtual folders under certain conditions.
By sending certain type of query to SQLQHit.asp page, malicious user can exploit this vulnerability. This vulnerability reveals the physical path, file attribute and some lines source code of files in virtual directory. Malicious user can't modify or write through this vulnerability. But the user can gather more information about the files in virtual directory. The vulnerability can be exploited only if index server runs.
* References:
http://www.securityfocus.com/bid/3339
http://www.iss.net/security_center/static/7125.php |
| Recommendation |
Never install sample files on production servers. If you have sample folders like iissamples/issamples/, remove sample files. Microsoft promises next version of Index service won't have this vulnerablity. |
| Related URL |
CVE-2001-0986 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
