Attack Tool Kit 4.1 - Microsoft Internet Information Server 4.0 non existent file .idq path disclosure.plugin 1.0

Microsoft Internet Information Server 4.0 non existent file .idq path disclosure 1.0

Plugin ID	316
Plugin name	Microsoft Internet Information Server 4.0 non existent file .idq path disclosure
Plugin filename	Microsoft Internet Information Server 4.0 non existent file .idq path disclosure.plugin
Plugin filesize	2975 bytes
Plugin family	HTTP
Plugin created name	Marc Ruef
Plugin created email	marc.ruef at computec.ch
Plugin created web	http://www.computec.ch
Plugin created company	computec.ch
Plugin created date	2005/01/05
Plugin version	1.0
Plugin protocol	tcp
Plugin port	80
Plugin procedure detection	open\|send HEAD / HTTP/1.0\n\n\|sleep\|close\|pattern_exists HTTP/#.# ### Server: Microsoft-IIS/4.0
Plugin procedure exploit	open\|send GET /anything.idq HTTP/1.0\n\n\|sleep\|close\|pattern_exists [a-z]\:\\anything*
Plugin detection accuracy	80
Plugin exploit accuracy	90
Plugin comment	The NASL script is Copyright (C) 2000 Filipe Custodio
Bug produced name	Microsoft
Bug produced email	info at microsoft dot com
Bug produced web	http://www.microsoft.com
Bug affected	Microsoft Internet Information Server 4.0
Bug not affected	Other versions of the Microsoft Internet Information Server or other web servers
Bug vulnerability class	Configuration
Bug description	IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks.
Bug solution	Select 'Preferences ->Home directory ->Application', and check the checkbox 'Check if file exists' for the ISAPI mappings of your server.
Bug fixing time	Approx. 15 minutes
Bug exploit availability	Yes
Bug exploit url	http://www.securityfocus.com/bid/1065/exploit/
Bug remote	Yes
Bug local	Yes
Bug severity	Low
Bug popularity	8
Bug simplicity	7
Bug impact	4
Bug risk	6
Bug Nessus risk	Low
Bug check tools	Nessus can check this flaw with the plugin 10492 (IIS IDA/IDQ Path Disclosure).
Source CVE	CAN-2000-0071
Source SecurityFocus BID	1065
Source Nessus ID	10492
Source Literature	Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.	http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.