MS01-026 Microsoft IIS/PWS CGI Filename Double Decode Command Execution
Disclosed | Created |
---|---|
May 15, 2001 | May 30, 2018 |
Description
This module will execute an arbitrary payload on a Microsoft IIS installation
that is vulnerable to the CGI double-decode vulnerability of 2001.
This module has been tested successfully on:
Windows 2000 Professional (SP0) (EN);
Windows 2000 Professional (SP1) (AR);
Windows 2000 Professional (SP1) (CZ);
Windows 2000 Server (SP0) (FR);
Windows 2000 Server (SP1) (EN); and
Windows 2000 Server (SP1) (SE).
Note: This module will leave a Metasploit payload exe in the IIS scripts directory.
Author
jduck jduck@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
