Rapid7 Vulnerability & Exploit Database

NT IIS Showcode ASP Vulnerability

Back to Search

NT IIS Showcode ASP Vulnerability

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
05/07/1999
Created
07/25/2018
Added
11/01/2004
Modified
03/21/2018

Description

A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web server that is readable by the web server.

IIS 4.0 installs a number of sample ASP scripts including one called "showcode.asp". This script allows clients to view the source of other sample scripts via a browser. The "showcode.asp" script does not perform sufficent checks and allows files outside the sample directory to be requested. In particular, it does not check for ".." in the path of the requested file.

The script takes one parameter, "source", which is the file to view. The script's default location URL is:

http://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp

Similar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe.

Solution(s)

  • http-iis-0019

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;