header-logo
Suggest Exploit
vendor:
IIS Web Server
by:
SecurityFocus
2.6
CVSS
LOW
Information Disclosure
200
CWE
Product Name: IIS Web Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
1999

IIS Web Server Root Directory Disclosure Vulnerability

The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of the 'missing' .IDC file.

Mitigation:

Ensure that the web server is configured to not return detailed error messages.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/299/info

The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of the "missing" .IDC file. 

"http://www.someURL.com/hackme.idc"

will return:

Error Performing Query
Error processing file 'c:\inetpub\scripts\samples\hackme.idc'

Navigation

Suggest Exploit

Services By CQR