Internet Security Systems

HTTP URL with ::$DATA appended

advICE : Intrusions : 2000607
Summary

A specially constructed URL which may allow undesirable access has been seen.

Details

An attempt has been made to access a file with a trailing ::$DATA. Some servers will return the original ASP file rather than executing the ASP code, thus revealing critical information about the server to the potential attacker. Consult the Microsoft Advisory to determine if your server software is susceptible to this attack.

Server source code often contains hidden passwords, hidden filenames, or easy-to-find bugs. The hacker can then use this hidden information to break into the server.

More information

Microsoft Security Bulletin (MS98-003)
BugtraqID: 149 - NT IIS ASP Alternate Data Streams Vulnerability
CVE-1999-0278 - Attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

Parametric information

URL: The suspicious URL.
accessed: Indicates whether the URL was successfully accessed.
code: The HTTP return code.
arg: The argument to the GET command (if any).
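
The following is an added example, not ISS or advICE code: a log check that flags requests whose path ends in ::$DATA and reports the four fields listed above. It goes beyond the literal string by also normalising percent-encoded and mixed-case forms. The log format (Common Log Format), the sample lines, and treating a 2xx status as "accessed" are assumptions.

```python
import re
from urllib.parse import unquote

# Common Log Format request and status: "METHOD target HTTP/x.y" code
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<code>\d{3})')
# Stream suffix at the end of the path; matched case-insensitively.
STREAM_RE = re.compile(r'::\$DATA$', re.IGNORECASE)

def decode_fully(s, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms normalise."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def inspect_line(line):
    """Return the advisory's four fields for a matching log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # Only the path is checked; the query string is reported as 'arg'.
    path, _, arg = m.group("target").partition("?")
    path = decode_fully(path)
    if not STREAM_RE.search(path):
        return None
    code = int(m.group("code"))
    # Assumption: a 2xx status means the URL was successfully accessed.
    return {"URL": path, "accessed": 200 <= code < 300,
            "code": code, "arg": arg or None}

def scan(lines):
    return [hit for hit in map(inspect_line, lines) if hit]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /default.asp HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET /default.asp::$DATA HTTP/1.0" 200 2211',
    '198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /login.asp%3A%3A%24data?x=1 HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jan/2000:10:01:00 +0000] "GET /search.asp?q=::$DATA HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with accessed set to True on an .asp path means the source was probably returned and any credentials in that file should be treated as exposed.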

 
Version appeared:  
