Wednesday, May 20, 2009

IIS WebDAV Vulnerability

This vulnerability allows a remote attacker to bypass the authentication mechanism of IIS. It is in the WebDAV extension.

kcope presented a method of exploiting this flaw on milw0rm.com.

I tested it successfully with TamperData and HackBar (Firefox add-ons). Thanks to TamperData and HackBar very much :).

More Information:

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows users to edit and manage files collaboratively on remote World Wide Web servers. The protocol is defined in RFC 4918. The group of developers responsible for these extensions was also known by the same name and was a working group of the Internet Engineering Task Force (IETF).

Microsoft Advisory: http://www.microsoft.com/technet/security/advisory/971492.mspx

Microsoft Blog: http://blogs.technet.com/srd/archive/2009/05/18/more-information-about-the-iis-authentication-bypass.aspx