Comments on: IIS5.1 Directory Authentication Bypass by using “:$I30:$Index_Allocation” http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/ Soroush Dalili's blog - بلاگ سروش دلیلی Thu, 05 Jan 2012 08:06:32 +0000 hourly 1 By: Anonymous http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4491 Anonymous Fri, 17 Sep 2010 18:37:22 +0000 http://soroush.secproject.com/blog/?p=263#comment-4491 Fixed by MS10-065; CVE-2010-2731? Fixed by MS10-065; CVE-2010-2731?

]]> By: Soroush Dalili http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4389 Soroush Dalili Sun, 08 Aug 2010 11:19:19 +0000 http://soroush.secproject.com/blog/?p=263#comment-4389 I answered all the comments through my email. IIS<=5.1 are still unpatched. In order to be secure, install URLScan on your web-server. It is not only possible to stop this attack by filtering ":" and "$" characters as there are some other unicode forms for these characters. Unfortunately, IIS5.1 supports illegal unicode form of characters as well. I answered all the comments through my email.
IIS<=5.1 are still unpatched. In order to be secure, install URLScan on your web-server. It is not only possible to stop this attack by filtering “:” and “$” characters as there are some other unicode forms for these characters. Unfortunately, IIS5.1 supports illegal unicode form of characters as well.

]]> By: pavlovconst http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4386 pavlovconst Tue, 27 Jul 2010 22:42:53 +0000 http://soroush.secproject.com/blog/?p=263#comment-4386 it was very interesting to read soroush.secproject.com I want to quote your post in my blog. It can? And you et an account on Twitter? it was very interesting to read soroush.secproject.com
I want to quote your post in my blog. It can?
And you et an account on Twitter?

]]> By: Derek McUmber http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4355 Derek McUmber Sat, 10 Jul 2010 13:10:39 +0000 http://soroush.secproject.com/blog/?p=263#comment-4355 Using this method <location path="account"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> Using this method

<location path=”account”>
<system.web>
<authorization>
<deny users=”?”/>
</authorization>
</system.web>
</location>

]]> By: Derek McUmber http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4354 Derek McUmber Sat, 10 Jul 2010 13:08:42 +0000 http://soroush.secproject.com/blog/?p=263#comment-4354 This vulnerability does not appear to apply if there is .NET 1.1 or later installed and in use via aspx pages on the IIS 5.X instance. Therefore, this vulnerability appears to be limited to .asp and the old style of windows web page development. So far, all tests we have conducted give the proper 404 page not found response when using :$I30:$INDEX_ALLOCATION on directory folders listed as protected in Web.config using this method: This vulnerability does not appear to apply if there is .NET 1.1 or later installed and in use via aspx pages on the IIS 5.X instance. Therefore, this vulnerability appears to be limited to .asp and the old style of windows web page development. So far, all tests we have conducted give the proper 404 page not found response when using :$I30:$INDEX_ALLOCATION on directory folders listed as protected in Web.config using this method:

]]> By: Haha – IIS 5.1 Directory Authentication Bypass « New World D0mber http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4341 Haha – IIS 5.1 Directory Authentication Bypass « New World D0mber Fri, 02 Jul 2010 18:27:10 +0000 http://soroush.secproject.com/blog/?p=263#comment-4341 [...] 5.1 is quite old! More to read here or [...] [...] 5.1 is quite old! More to read here or [...]

]]> By: Microsoft Internet Information Services Basic Authentication Security Bypass « zencurity http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/comment-page-1/#comment-4339 Microsoft Internet Information Services Basic Authentication Security Bypass « zencurity Fri, 02 Jul 2010 14:01:55 +0000 http://soroush.secproject.com/blog/?p=263#comment-4339 [...] ORIGINAL ADVISORY: http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_... [...] [...] ORIGINAL ADVISORY: http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_... [...]

]]>