Penetrating Internet Information Services (IIS)
This paper presents a number of commonly exploited vulnerabilities found in the Internet Information Services (IIS) packages. Prominent attacks are explained so that Information Technology professionals can become familiar with the underlying vulnerabilities and the techniques used to exploit them, and can apply this understanding to future security issues as they arise. Note that while some of these vulnerabilities could be present on IIS 6.0 (particularly in the IIS 5.0 compatibility mode), none of them will work against a default installation of Windows Server 2003. This is due to the extensive changes to the default installation profile of IIS 6.0, which disables all dynamic content and includes no sample applications. As we proceed through the vulnerabilities, we will note the status of each on IIS 6.0.
Key words: IIS, HTTP, Exploit, Command and Buffer Hacking, PERL and Unicode.