There have been a handful of bugs found in CodeBrws.asp, the latest one I
found by bypassing the Instr("..") checks using the Unicode equivalents.
You can find the original advisory along with an example exploitation
request at the first URL below. Another vulnerability was found which
bypasses the extension checks as well, so ANY file can be read, not just
those ending in asp, html, or the other allowed extensions.
http://www.securityfocus.com/archive/1/267945
and
http://www.securityfocus.com/archive/1/268303
-HD
On Friday 13 June 2003 03:31 pm, Renaud Deraison wrote:
> On Fri, Jun 13, 2003 at 03:07:22AM -0700, hemant rathore wrote:
> > > It's written in iis_codebrws.nasl that it could be
> > > improved
> > > to use the output of webmirror.nasl and actually exploit
> > > the vulnerability.
> > > If you have tried to exploit this vulnerability, please
> > > tell me how it can be done.
> > > Can anyone explain the above sentence to me?
>
> It means that instead of looking for
> /iissamples/sdk/asp/docs/codebrws.asp, the output of webmirror could be
> used to make it display the source code of a .asp file found by
> webmirror.
>
>
> -- Renaud
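
Added example, not part of the original thread or of the CodeBrws.asp source: a Python sketch of why a substring test for ".." on the raw request value fails against alternate encodings, next to a check that decodes strictly and validates the resolved path and its extension. The root directory, function names and sample inputs are constructed for illustration, and the exact encoding used in the linked advisory is not reproduced here.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# The post names asp and html; the script's full allow-list is not given there.
ALLOWED_EXT = {".asp", ".html"}
ROOT = "/iissamples"  # constructed root directory for this example


def naive_check(raw: str) -> bool:
    """Substring test on the raw value, the style of check the post says was bypassed."""
    return ".." not in raw


def strict_check(raw: str) -> bool:
    """Decode once and strictly, then validate the path that would actually be opened."""
    if "%u" in raw.lower():
        return False  # non-standard %uXXXX escapes: refuse rather than guess
    try:
        # Strict UTF-8 decoding rejects non-shortest-form (overlong) sequences.
        decoded = unquote_to_bytes(raw).decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False
    if "%" in decoded:
        return False  # still encoded after one pass: double encoding
    path = posixpath.normpath(decoded.replace("\\", "/"))
    if not path.startswith(ROOT + "/"):
        return False  # resolved path left the permitted tree
    # Extension is tested on the resolved path, not on the raw string.
    return posixpath.splitext(path)[1].lower() in ALLOWED_EXT


# Constructed sample values, not taken from the advisories.
SAMPLES = [
    "/iissamples/sdk/asp/docs/codebrws.asp",
    "/iissamples/../default.asp",
    "/iissamples/%2e%2e/default.asp",
    "/iissamples/%c0%ae%c0%ae/default.asp",
    "/iissamples/sdk/global.asa",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:45} naive={naive_check(s)!s:5} strict={strict_check(s)}")
```
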