Tutorial - Vulnerable Web Server (RDS)
Vulnerable Web Server (RDS)
Impact
RDS includes a component called the DataFactory object, which has a vulnerability that could allow any web user to:
- Obtain unauthorized access to unpublished files on the IIS server
- Use MDAC to tunnel ODBC requests through to a remote internal or external location, thereby obtaining access to non-public servers or effectively masking the source of an attack on another network.
Resolution
Reference
www.securityfocus.com/bid/529