Short Name |
HTTP:IIS:INDEX-SERVER-SQLQHIT |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
IIS SQLQHit.asp Information Disclosure |
Release Date |
2003/05/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Microsoft Index Server 2.0. Attackers can manipulate the SQLQHit sample Active Server Page on a Microsoft IIS server to obtain system files, source code for other ASP files, and other potentially sensitive information.
The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server running Index Server to reveal path information, file attributes, and possibly some lines of the file contents. The sqlqhit.asp file is located in the \inetpub\iissamples\ISSamples\ folder and is installed by default.