<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2722.2800" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I was recently auditing the security on one of my 
web servers when I came<BR>across a new Extension Enumerate Root Web Server 
Directory Vulnerability for<BR>IIS 4.0. Going to the main website and asking for 
anything.idq I get the<BR>page cannot be found. But if the files for the web 
server reside on a share<BR>the full network path is found.<BR><BR>The 
Exploit:<BR><BR>On the shared network drive, <A 
href="http://server/anything.idq">http://server/anything.idq</A><BR><BR>The file 
<A 
href="file://\\share\wwwroot\inetpub\webpage\*">\\share\wwwroot\inetpub\webpage\*</A>.idq 
is on a network share. IDQ,<BR>IDA and HTX files cannot be placed on a network 
share.<BR><BR>Tested on Windows NT 4.0 Service Pack 5 and 6a<BR><BR>I would like 
to say thank you to rain.forest.puppy. for all of his help.<BR><BR>props out to 
ADM, Wiretrip, w00w00 and l0pht.<BR><BR>Jason Lutz<BR>Sprint Print Inc<BR><A 
href="mailto:jason@spis.net">jason@spis.net</A><BR><BR></FONT></DIV></BODY></HTML>