Hi all,
I am conducting a penetration test for one of our clients and some of the
webservers they are running are IIS 3.0.
Well besides the rest of the vulnerabilites with MS IIS 3.0, I tested the
servers for Unicode and it seemed they were vulnerable. ( I check using a
perl script that I found on Packetstorm) it discovered that the servers were
vulnerable to various forms of the unicode vulnerability.
Ok, now to the meat of it. I opened my browser and attempted a directory
listing using the scripts directory (which I know existed). I got an error
saying "HTTP/1.0 403 Access Forbidden (Execute Access Denied -This Virtual
Directory does not allow objects to be executed.)"
I'm guessing that execution of commands is not allowed on that directory.
I also tried with the msadc directory (which I know existed), but with the
same result as above.
Does anyone have any ideas on this one? I basically want to knwo if it's
possible to use the uni code vulnerbaility to execute commands remotely.
Thanks in advance.
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Jul 05 2001
Intro
