mailing list archives
About the new IIS %252c bug.
From: neme-dhc () hushmail com
Date: Tue, 15 May 2001 18:16:11 -0500 (EDT)
I spotted the same behaviour on my win2k + IIS 5.0 installation. When I
installed the unicode patch this problem disappeared. Hence why I did not
publish this. Maybe other people can reproduce this as well?
another one that works is %252f.
%255c and %252f (slash and backslash) worked before I applied the patch
and ceased working afterwards.
%255c and %252f are NOT unicode codes but hex codes. I find it strange that
the unicode patch fixed this.
IIS4.0 installations without the unicode patch were not vulnerable when
* execiis.c - (c)copyright Filip Maertens
* BUGTRAQ ID: 2708 - Microsoft IIS CGI Filename Decode Error
* DISCLAIMER: This is proof of concept code. This means, this
* may only be used on approved systems in order to test the
* and integrity of machines during a legal penetration test. In no
* is the author of this exploit responsible for the use and result
* this code.
/* Modify this value to whichever sequence you want.
* %255c = %%35c = %%35%63 = %25%35%63 = /
Free, encrypted, secure Web-based email at www.hushmail.com
- About the new IIS %252c bug. neme-dhc (May 16)