mailing list archives
IIS double UTF decoding bug (old) exploit: IIS explorer
From: full-disclosure () lists netsys com (Matthew S. Hallacy)
Date: Thu, 11 Jul 2002 12:04:14 -0500
On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote:
Since it looks like we are going to have tools to test holes, the policy of
only releasing ones designing to test your own system for flaws, needs to be
in. As Berend says we don't need to make it any easier for script kiddies.
Unfortunately the exploits that are found on the rooted box are pretty
much never anti-script kiddie, and the problem with subtle breakage of
remote scripts is that it makes it very hard for joe-blow network admin
to prove that there /is/ a vulnerability to the people he has to okay
a maintenance window with.
Matthew S. Hallacy FUBAR, LART, BOFH Certified
http://www.poptix.net GPG public key 0x01938203