Network Computing is part of the Informa Tech Division of Informa PLC

Proxies Add a Protective Shield: Page 13 of 22

Feedback form SQL tampering: Additional SQL queries were executed through a textarea form element and used to run an xp_cmdshell command on an MS SQL Server.

IIS Unicode attack: (CVE-2000-0884) The Unicode attack let us run various executables outside the webroot. We ran the attack using the '/scripts/' and '/_vti_bin/' base directories.

Allows OPTIONS request: We made a simple OPTIONS request to see which methods the server reports as allowed. This is a mild information leak that can help an attacker understand how the Web server is configured.

IIS .printer buffer overflow: (CVE-2001-0241) A straight buffer overflow in the IIS .printer handler, which let us run arbitrary code.

Open FrontPage web: We used the FrontPage client to modify the HTML of pages found on the server. The test server was misconfigured so that it did not require authentication, which is what is considered an "open" FrontPage web.
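
The kind of request inspection a filtering proxy can apply to the Unicode, OPTIONS and .printer tests above, as an added example that is not from the article or from any product it reviews. The function names, the `ALLOWED_METHODS` policy and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Assumption: the protected site only needs these methods.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def has_overlong_utf8(raw: bytes) -> bool:
    """True if raw holds a non-shortest-form (overlong) UTF-8 sequence."""
    for i, b in enumerate(raw):
        nxt = raw[i + 1] if i + 1 < len(raw) else 0
        if b in (0xC0, 0xC1):                 # 2-byte form of a 1-byte char
            return True
        if b == 0xE0 and 0x80 <= nxt < 0xA0:  # 3-byte form of a shorter char
            return True
        if b == 0xF0 and 0x80 <= nxt < 0x90:  # 4-byte form of a shorter char
            return True
    return False

def inspect(method: str, target: str) -> list[str]:
    """Return the findings for one request line (empty list = clean)."""
    findings = []
    if method.upper() not in ALLOWED_METHODS:
        findings.append("method-not-allowed")
    raw = unquote_to_bytes(target.split("?", 1)[0])  # percent-decode the path once
    if has_overlong_utf8(raw):
        findings.append("overlong-utf8")
    if b".." in raw.replace(b"\\", b"/").split(b"/"):
        findings.append("path-traversal")
    if raw.lower().endswith(b".printer"):     # assumption: Internet printing unused
        findings.append("printer-handler")
    return findings

# Constructed sample requests (method, request target); file names are placeholders.
SAMPLE_REQUESTS = [
    ("GET", "/index.html"),
    ("OPTIONS", "*"),
    ("GET", "/scripts/../placeholder.exe"),
    ("GET", "/scripts/..%c0%af../placeholder.exe"),
    ("GET", "/placeholder.printer"),
]

if __name__ == "__main__":
    for method, target in SAMPLE_REQUESTS:
        print(method, target, inspect(method, target) or "clean")
```

The fourth sample passes the plain `..` segment check because the separator is hidden inside an overlong sequence, so only the shortest-form check flags it. A filter that validates encoding before it evaluates the path catches both variants.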