Content

Unix/Exploit-IIS

Type
Malware
SubType
Exploit
Discovery Date
09/13/2001
Length
various
Minimum DAT
4164 (10/03/2001)
Updated DAT
4754 (05/03/2006)
Minimum Engine
5.1.00
Description Added
04/02/2003
Description Modified
04/02/2003 9:46 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

Exploit-IIS is a perl tool that verify web servers vulnerability against the "/" encoding.
It tries to access the remote web server root by using encoded "/" (the otherwise called "dot dot root vulnerability"). If successful it lists all accessible folders and vulnerable executables such as cmd.exe. It support ssl (https) and provides some upload features.

Note: Although this program is specifically designed as a security test tool it could be used by a malicious attacker to compromise remote web servers.
There are know variants that behave slightly differently.

Symptoms

N.A.

Method of Infection

This tool tests remote web server "dot dot root" vulnerability.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

Characteristics

Characteristics -

Exploit-IIS is a perl tool that verify web servers vulnerability against the "/" encoding.
It tries to access the remote web server root by using encoded "/" (the otherwise called "dot dot root vulnerability"). If successful it lists all accessible folders and vulnerable executables such as cmd.exe. It support ssl (https) and provides some upload features.

Note: Although this program is specifically designed as a security test tool it could be used by a malicious attacker to compromise remote web servers.
There are know variants that behave slightly differently.

Symptoms

Symptoms -

N.A.

Method of Infection

Method of Infection -

This tool tests remote web server "dot dot root" vulnerability.

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A