Friday, September 22, 2006

Attacks against IIS

IIS is one of the most widely used Web server platforms on the Internet.
Microsoft's Web Server has been the frequent target over the years.
It has been attacked by various vulnerabilities.

Examples include:
  • ::$DATA vulnerability
  • showcode.asp vulnerability
  • Piggy backing vulnerability
  • Privilege command execution
  • Buffer Overflow exploits (IIShack.exe)
IIS Components

  • IIS relies heavily on a collection of DLLs that work together with the main server process, inetinfo.exe, to provide various capabilities.
  • Example: Server side scripting, Content Indexing, Web Based printing etc.
  • This architecture provides attackers with different functionality to exploit via malicious input.
ISAPI DLL Buffer Overflows

  • One of the most extreme security vulnerabilities associated with ISAPI DLLs is the buffer overflow.
  • In 2001, IIS servers were ravaged by versions of the Code Red and Nimda worms which were both based on buffer overflow exploits.


  1. A good article describing overflow exploits in a basic language

  2. Even use of pirated softwares too plays a major role in these kind of attacks