Will the plugin "IIS XSS via 404 error" (Nessus ID 10936) identify the issue discussed below on Bugtraq? It looks like this discussion is about the same cross-site scripting issues discussed in MS02-018, but the advisory is vague... any help?
Thanks,
Diana

From: Roberto <[EMAIL PROTECTED]>
Subject: IIS 5.0 Cross Site Scripting vulnerability
To: [EMAIL PROTECTED]

SYSTEMS AFFECTED
========
IIS 5.0 / Windows 2000 SP2 - SRP1 (exploited with a browser)

CONTENTS
=========
Subject: IIS 5.0 Cross Site Scripting Vulnerability
Date: 27 September 2002
Risk: Medium

DESCRIPTION
=========
IIS 5.0 can be forced to return malicious content in the user's browser. By using a large buffer URL with the idc extension, IIS shows a non-standard error page, which also contains the entire address submitted. The problem is that the address returned is not urlencoded, so it is possible to store a script in the URL that will be executed by the browser.

DETAILS
=========
http://server/<long_buffer>.idc
http://server/<long_buffer><script_to_execute>.idc

The total buffer must be at least 334 chars long. In the second case, <script_to_execute> is parsed by the server, printed in the HTML error page and executed by the browser. This may be used in a link for browsers and email clients.

RISKS
==========
Stealing cookies which may contain critical data (personal information, passwords, etc).

WORKAROUNDS
========
Remove the .idc extension from application mappings.
Update to SP3.
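Added example, not part of the original message or the advisory: a Python check that flags web-server log entries matching the request shape the advisory describes (a path of at least 334 characters ending in `.idc`, optionally carrying unencoded markup). It assumes W3C extended log lines with a `#Fields:` header and that the "total buffer" is the path text before `.idc`; the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

MIN_BUFFER = 334                  # minimum total buffer length stated in the advisory
MARKUP = re.compile(r"[<>\"']")   # characters that need encoding before being echoed into HTML

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields: header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed entries
                yield dict(zip(fields, values))

def classify(uri_stem):
    """Return None, 'long-idc' or 'long-idc-markup' for a request path."""
    path = unquote(uri_stem)                 # logs may hold the percent-encoded form
    if not path.lower().endswith(".idc"):
        return None
    buffer = path.lstrip("/")[:-len(".idc")]  # assumption: buffer = path minus extension
    if len(buffer) < MIN_BUFFER:
        return None
    return "long-idc-markup" if MARKUP.search(buffer) else "long-idc"

def scan(lines):
    """Return (client IP, verdict) for every request worth reviewing."""
    hits = []
    for rec in parse_w3c(lines):
        verdict = classify(rec.get("cs-uri-stem", ""))
        if verdict:
            hits.append((rec.get("c-ip"), verdict))
    return hits

# Constructed sample log; addresses are from the documentation range 192.0.2.0/24.
SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem",
    "2002-10-05 10:00:01 192.0.2.10 GET /orders.idc",
    "2002-10-05 10:00:02 192.0.2.11 GET /" + "A" * 340 + ".idc",
    "2002-10-05 10:00:03 192.0.2.12 GET /" + "A" * 330 + "%3Cb%3Ex%3C/b%3E.idc",
    "2002-10-05 10:00:04 192.0.2.13 GET /" + "A" * 340 + ".htm",
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE):
        print(ip, verdict)
```

A `long-idc` hit on a server that still maps the `.idc` extension indicates the error page is being probed; `long-idc-markup` indicates a link carrying content that the unpatched page would echo unencoded.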
