Summary
The Sample SQL Query CGI is present.
The sample allows anyone to craft a query that retrieves the contents of directories on the local server.
Solution
Use Microsoft's Secure IIS Guide (for IIS 4.0 or IIS 5.0, respectively) or Microsoft's IIS Lockdown tool to remove the IIS samples.
Additional information:
- http://www.securiteam.com/tools/5QP0N1F55Q.html (IIS Lockdown)
- http://www.securiteam.com/windowsntfocus/5HP05150AQ.html (Secure IIS 4.0)
- http://www.securiteam.com/windowsntfocus/5RP0D1F4AU.html (Secure IIS 5.0)
Severity
Classification
- CVE: CVE-2001-0986
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Apache Struts Cross Site Scripting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Adobe ColdFusion HTTP Response Splitting Vulnerability
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability