IIS 0 day vulnerability in parsing files

December 24, 2009

Ferruh passed this onto me and this looks like a really interesting vulnerability. Essentially if you can upload a file with semicolon(;) in it, you may be able to upload and execute asp code.

IIS can execute any extension as an Active Server Page or any other executable extension. For instance “malicious.asp;.jpg” is executed as an ASP file on the server. Many file uploaders protect the system by checking only the last section of the filename as its extension. And by using this vulnerability, an attacker can bypass this protection and upload a dangerous executable file on the server.

Original Advisory can be found here

Comments

5 Comments

1 Trackback

Leave a Reply

Your email address will not be published. Required fields are marked *

Trackback