Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:IIS:INDEX-SERVER-SQLQHIT |
|---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
IIS SQLQHit.asp Information Disclosure |
Release Date |
2003/05/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: IIS SQLQHit.asp Information Disclosure
This signature detects attempts to exploit a known vulnerability in Microsoft Index Server 2.0. Attackers can manipulate the SQLQHit sample Active Server Page on a Microsoft IIS server to obtain system files, source code for other ASP files, and other potentially sensitive information.
Extended Description
The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server running Index Server to reveal path information, file attributes, and possibly some lines of the file contents. The sqlqhit.asp file is located in the \inetpub\iissamples\ISSamples\ folder and is installed by default.
Affected Products
- Microsoft index_server 2.0
References
- BugTraq: 3339
- CVE: CVE-2001-0986
- URL: http://www.securityfocus.com/archive/1/214217