Unix/Exploit-IIS

This page shows details and results of our analysis of the malware Unix/Exploit-IIS.

Overview


Minimum DAT: 4164 (2001-10-03)
Updated DAT: 4754 (2006-05-03)
Minimum Engine: 5.1.00
File Length: various
Description Added: 2003-04-02
Description Modified: 2003-04-02

Characteristics

Exploit-IIS is a Perl tool that verifies web servers' vulnerability to "/" encoding.
It tries to access the remote web server root by using an encoded "/" (otherwise called the "dot dot root vulnerability"). If successful, it lists all accessible folders and vulnerable executables such as cmd.exe. It supports SSL (HTTPS) and provides some upload features.

Note: Although this program is specifically designed as a security test tool, it could be used by a malicious attacker to compromise remote web servers.
There are known variants that behave slightly differently.
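
Because the tool's probes reach the server as ordinary HTTP requests, the web server access log is the practical place to look for them. The following is an added example, not part of the original description or of any vendor tooling: it decodes each logged request path the way a lenient server might and reports requests where a ".." segment appears only after decoding. It goes beyond the encoded "/" named above to cover encoded "\" and "." and double percent-encoding; the log layout, the byte table and the function names are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 forms of "/", "\" and "." that a lenient decoder may accept.
OVERLONG = {b"\xc0\xaf": b"/", b"\xe0\x80\xaf": b"/",
            b"\xc1\x9c": b"\\", b"\xe0\x81\x9c": b"\\", b"\xc0\xae": b"."}

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly and fold overlong forms to plain characters."""
    data = path.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        for seq, plain in OVERLONG.items():
            decoded = decoded.replace(seq, plain)
        if decoded == data:
            break
        data = decoded
    return data.replace(b"\\", b"/").lower()

def classify(uri):
    """Return 'clean', 'plain-traversal' or 'encoded-traversal' (+ '+exe')."""
    path = uri.split("?", 1)[0]
    norm = normalize(path)
    if b".." not in norm.split(b"/"):
        return "clean"
    # A ".." segment visible before decoding is plain; otherwise it was encoded.
    kind = "plain" if ".." in re.split(r"[/\\]", path) else "encoded"
    return kind + "-traversal" + ("+exe" if norm.endswith(b".exe") else "")

# Constructed sample log (assumed layout: date time c-ip method uri status).
SAMPLE_LOG = """\
2003-04-02 10:00:01 192.0.2.10 GET /default.asp?id=7 200
2003-04-02 10:00:02 192.0.2.44 GET /app/..%c0%af../sys/cmd.exe 200
2003-04-02 10:00:03 192.0.2.44 GET /app/..%255c../sys/cmd.exe 404
2003-04-02 10:00:04 192.0.2.10 GET /images/logo..v2.gif 200
2003-04-02 10:00:05 192.0.2.51 GET /docs/../notes.txt 403
"""

def scan(log_text):
    """Return (client_ip, status, verdict) for every non-clean request."""
    hits = []
    for fields in map(str.split, log_text.splitlines()):
        if len(fields) == 6 and classify(fields[4]) != "clean":
            hits.append((fields[2], fields[5], classify(fields[4])))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

An encoded-traversal hit answered with status 200 deserves attention first, since the server served the decoded path rather than rejecting it.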

Symptoms

N.A.

Method of Infection

This tool tests remote web servers for the "dot dot root" vulnerability.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants