Windows 2000平台Microsoft索引服务CiWebHitsFile组件跨站脚本攻击(CSS)漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106059 漏洞类型 未知
发布时间 2000-10-28 更新时间 2006-09-01
CVE编号 CVE-2000-0942 CNNVD-ID CNNVD-200012-152
漏洞平台 Windows CVSS评分 5.1
|漏洞来源
https://www.exploit-db.com/exploits/20335
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-152
|漏洞详情
Windows2000平台Microsoft索引服务中CiWebHitsFile组件存在漏洞。远程攻击者借助.htw请求中CiRestriction参数执行跨站脚本攻击(CSS)漏洞,又称为“索引服务跨站脚本”漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/1861/info

A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly opened a hostile link through a browser or HTML compliant e-mail client, active content such as JavaScript may be executed. For example, the following link when processed by IIS will yield successful exploitation:

http://target/null.htw?CiWebHitsFile=filename.htm&CiRestriction="<SCRIPT>Active Scripting</SCRIPT>"

It is not necessary to specify a valid .htw file because the virtual file null.htw is stored in memory and the .htw extension is mapped by default to webhits.dll.

Indexing Services is shipped with Windows 2000, however is not started by default. Those who are running a web server and have enabled Indexing Services are recommended to apply the patch.
|参考资料

来源:BID
名称:1861
链接:http://www.securityfocus.com/bid/1861
来源:MS
名称:MS00-084
链接:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp
来源:XF
名称:iis-htw-cross-scripting
链接:http://xforce.iss.net/static/5441.php
来源:BUGTRAQ
名称:20001028IIS5.0crosssitescriptingvulnerability-using.htw
链接:http://www.securityfocus.com/archive/1/141903