Your friend is smart. You don't need to have a username/password to do many
of the buffer overflows, directory traversal, and URL encoding attacks
against an unpatched IIS server. You didn't say but if the IIS server is
not protected by a firewall to only allow port 80 connections, then your
Windo...
of the buffer overflows, directory traversal, and URL encoding attacks
against an unpatched IIS server. You didn't say but if the IIS server is
not protected by a firewall to only allow port 80 connections, then your
Windo...
[ more ]