PROMOTING ACCESS TO AFRICAN RESEARCH

West African Journal of Industrial and Academic Research

Log in or Register to get access to full text downloads.

Remember me or Register



Penetrating Internet Information Services (IIS)

OI Odabi, L Osazuwa

Abstract


The intent of this paper is to provide a number of commonly exploited IIS vulnerabilities. The understanding of prominent attacks has been  presented so that the reader can be familiar with the concept of   vulnerabilities and techniques used to exploit them and to apply this  understanding to future security issues as they arise by Information  Technology professional. Some of the common vulnerabilities found in the Internet Information Services (IIS) packages have been presented. Note that while some of these vulnerabilities could be present on IIS 6.0  (particularly in the IIS 5.0 compatibility mode), none of them will work  against a default installation of Windows Server 2003. This is due to the extensive changes to the default installation profile of IIS 6.0, which disables all dynamic content and includes no sample applications. As we proceed through the vulnerabilities, we will include mention of its status on IIS 6.0.

Key words: IIS, http, Expliot, Command and Buffer Hacking, IIS, http, PERL and Unicode.




AJOL African Journals Online