Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error V ulnerability]
From: Adriano Dias <adias () proteus com br>
Date: Wed, 16 May 2001 12:17:19 -0300

Ya! I did that!
I used the .asp file to upload and execute the nc file and to get the system
permissions.

If you need some instructions to do that, send it to the list.

Adriano Dias
Proteus Security Systems

-----Original Message-----
From: e-Security Chap [mailto:e-securitychap () usa net]
Sent: Tuesday, May 15, 2001 10:42 PM
To: Andrew Thomas; BUGTRAQ () SECURITYFOCUS COM
Subject: [RE: NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode
Error V ulnerability]


 hi folks,
 its just another expected iis bug. did anybody tried out the chance of
elevating privileges. i have tried the same techniques as in the iis unicode
bug, however i could not.
 any known ways to do that?
 regards

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1


  By Date           By Thread  

Current thread:
  • RE: NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error V ulnerability] Adriano Dias (May 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]