D:\Inetpub\wwwroot\ - this is the physical path of the web server root. By requesting a non-existent idc file it is possible to get this information.
Web server is also running Microsoft Proxy Server 2.
http://charon/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
Fpcount.exe has been found in the /_vti_bin/ directory. If, when the link above is followed, fifteen digits are displayed, this version of fpcount.exe is from the FrontPage Server Extensions 97 package and it contains a buffer overrun that allows remote execution of arbitrary code.
This should be deleted until a copy of the 98 version of FrontPage can be obtained.
http://charon/iissamples/issamples/query.asp
The query.asp page is the default sample search page for Index Server on IIS4. From here an attacker can perform searches for files of a certain type using "#filename=*.exe" or "#filename=*.asp". Ensure that Index Server has been configured not to return results for searches such as these.
Server exhibits the ::$DATA bug.
This can allow an attacker to download the source of scripts, such as Active Server Pages or Perl scripts. This problem is fixed with Service Pack 4, or a post-SP3 hotfix can be downloaded from the Microsoft web site.
http://charon/iissamples/exair/search/advsearch.asp
The sample ExAir site contains a number of scripts that can cause a temporary situation where the inetinfo.exe process consumes 100 percent of the processor time for 90 seconds. This only happens if the Index Server ISAPI DLLs have not been loaded into memory. If they are not, and this page, query.asp or search.asp is accessed directly, the script will loop.
The solution to this problem is to remove these files.
http://charon/iisadmpwd/aexp2.htr
From here an attacker can launch password attacks against the local machine or proxied attacks against other machines on the network. More information can be found here
http://charon/iissamples/exair/howitworks/codebrws.asp
This sample script should be removed. It allows attackers to access files on the same volume as the IIS install outside of the web file system.
http://charon/msadc/samples/selector/showcode.asp
This sample script should be removed. It allows attackers to access files on the same volume as the IIS install outside of the web file system.