Ferruh passed this on to me, and it looks like a really interesting vulnerability. Essentially, if you can upload a file with a semicolon (;) in its name, you may be able to upload and execute ASP code.
IIS can be made to execute a file with any extension as an Active Server Page or any other executable type. For instance, “malicious.asp;.jpg” is executed as an ASP file on the server. Many file uploaders protect the system by checking only the last section of the filename as its extension. By using this vulnerability, an attacker can bypass this protection and upload a dangerous executable file to the server.
Original Advisory can be found here
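The last-extension check described above, next to a stricter one, as an added example that is not part of the original post or the advisory. The allow-list, the name pattern and the function names are assumptions chosen for illustration.

```python
import os
import re
import uuid

ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}  # assumed allow-list
# Assumed strict pattern: one base name, one extension, no ';', dots or path separators.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def naive_is_allowed(filename: str) -> bool:
    """The check the post describes: only the last extension is inspected."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def strict_is_allowed(filename: str) -> bool:
    """Accept only names of the exact form <name>.<allowed extension>."""
    if not SAFE_NAME.fullmatch(filename):
        return False
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def stored_name(filename: str) -> str:
    """Name used on disk: server-generated, keeping only the validated extension."""
    if not strict_is_allowed(filename):
        raise ValueError("rejected upload name: %r" % filename)
    return uuid.uuid4().hex + os.path.splitext(filename)[1].lower()


# Constructed sample inputs; the first two names are quoted on this page.
SAMPLES = ["malicious.asp;.jpg", "door.asp;-.gif", "holiday.jpg",
           "report.asp", "a.b.png"]


def compare(samples=SAMPLES):
    """Return (name, naive verdict, strict verdict) for each sample."""
    return [(n, naive_is_allowed(n), strict_is_allowed(n)) for n in samples]


if __name__ == "__main__":
    for name, naive, strict in compare():
        print(f"{name!r:24} naive={naive!s:5} strict={strict}")
```

Writing the upload under a server-generated name means the client-supplied string never reaches the file system. Keeping the upload directory non-executable is a separate control that this code does not cover.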
1:48 am on December 25th, 2009
lol. This vulnerability was reported some months ago by kevin1986 from China.
Original: http://www.80sec.com/microsoft-internet-infomation-server-6-isapi-filename-analytic-vulnerabilitie.html
2:57 am on December 25th, 2009
door.asp;-.gif
door.php;-.gif
12:01 pm on December 29th, 2009
I guess the big question is which apps are vulnerable. The obvious one which comes to my mind is SharePoint. Is that vulnerable?
8:45 am on January 11th, 2010
The problem with SharePoint in my experience isn’t that you can’t get malicious code uploaded but that it has some kind of sandbox that prevents arbitrary ASPX files from being executed.