Family: CGI abuses --> Category: infos
SQLQHit Directory Structure Disclosure Vulnerability Scan
Vulnerability Scan Summary
SQLQHit Directory Stracture Disclosure
Detailed Explanation for this Vulnerability Test
The Sample SQL Query CGI is present.
The sample allows anyone to structure a certain query that would retrieve
the content of directories present on the local server.
Solution: Use Microsoft's Secure IIS Guide (For IIS 4.0 or IIS 5.0 respectively) or
Microsoft's IIS Lockdown tool to remove IIS samples.
Threat Level: Medium
http://www.securiteam.com/tools/5QP0N1F55Q.html (IIS Lookdown)
http://www.securiteam.com/windowsntfocus/5HP05150AQ.html (Secure IIS 4.0)
http://www.securiteam.com/windowsntfocus/5RP0D1F4AU.html (Secure IIS 5.0)
Click HERE for more information and discussions on this network vulnerability scan.