Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

RE: IIS 3.0 pen-test
From: jerickson () telenisus com
Date: Thu, 5 Jul 2001 14:18:24 -0500
Well besides the rest of the vulnerabilites with MS IIS 3.0, I tested the
servers for Unicode and it seemed they were vulnerable. ( I check using a
perl script that I found on Packetstorm) it discovered that the servers

were

vulnerable to various forms of the unicode vulnerability.


The perl script you have checks for the word directory in the response from
the server
So when your getting back the error: 


saying "HTTP/1.0 403 Access Forbidden (Execute Access Denied -This Virtual
Directory does not allow objects to be executed.)"


your perl script thinks its vulnerable.  

This is a piece of code taken from a perl script that check for unicode.

(taken from unicodeloader.pl)
my @results=sendraw("GET $uni+dir HTTP/1.0\r\n\r\n");
 foreach $line (@results){
  if ($line =~ /Directory/) { # THIS LINE IS GENERATING YOUR FALSE POSITIVE.



Jon Erickson


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]