Home page logo

fulldisclosure logo Full Disclosure mailing list archives

IIS double UTF decoding bug (old) exploit: IIS explorer
From: full-disclosure () lists netsys com (Matthew S. Hallacy)
Date: Thu, 11 Jul 2002 12:04:14 -0500

On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote:

Since it looks like we are going to have tools to test holes, the policy of 
only releasing ones designing to test your own system for flaws, needs to be 
in. As Berend says we don't need to make it any easier for script kiddies.

Unfortunately the exploits that are found on the rooted box are pretty
much never anti-script kiddie, and the problem with subtle breakage of
remote scripts is that it makes it very hard for joe-blow network admin
to prove that there /is/ a vulnerability to the people he has to okay
a maintenance window with.

Steve Szmidt

Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]