Penetration Testing
mailing list archives
Re: iXsecurity.tool.briiis.3.02
From: Alex Butcher <alex () s3 integralis co uk>
Date: Fri, 15 Jun 2001 12:09:22 +0100
ian.vitek () ixsecurity com wrote:
> iXsecurity Security Tool Release
> briiis.pl v3.02
> ================
> Tool Description
> ----------------
> Briiis is a tool for testing web servers for "/" encoding
> break out from web root vulnerability from an executable
> directory.
> E.g. IIS Unicode and double encoding vulnerabilities.

It's also worth remembering that Exchange uses IIS to provide Outlook
Web Access and that this (always?) makes the /exchange path a script
directory. It would appear that these hosts often get overlooked when
the patch monkey is instructed to hotfix "all our IIS servers" :)

Kudos to the author of the IIS unicode plugin in Nessus for pointing
this out to me. :)

Best Regards,
Alex.
--
Alex Butcher PGP/GnuPG Key IDs:
Consultant, S3 Systems Security Services alex () s3 B7709088
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp alex.butcher@ 885BA6CE
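
An added example, not part of the original post or of briiis.pl: a log check a defender could run on every IIS host, Outlook Web Access servers included, to spot request paths that use overlong UTF-8 or double percent-encoding to hide a path separator. The six-field log layout, the sample lines and the names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines (date time client method uri status); not real traffic.
SAMPLE_LOG = """\
2001-06-15 12:00:01 10.0.0.5 GET /exchange/logon.asp 200
2001-06-15 12:00:07 10.0.0.9 GET /scripts/..%c0%af../example.txt 404
2001-06-15 12:00:09 10.0.0.9 GET /exchange/..%255c../example.txt 404
2001-06-15 12:00:15 10.0.0.7 GET /exchange/root.asp%20 200
"""

OVERLONG = re.compile(rb"[\xc0\xc1]")   # bytes that never occur in valid UTF-8
TRAVERSAL = re.compile(rb"\.\.[/\\]")   # ../ or ..\ once decoding has settled


def classify(uri, max_rounds=3):
    """Return the set of reasons a request path looks like an encoded-separator probe."""
    reasons = set()
    data = uri.encode("latin-1", "replace")
    for rnd in range(1, max_rounds + 1):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break                            # nothing left to decode
        if rnd > 1:
            reasons.add("double-encoding")   # escapes survived the first decode
        data = decoded
        if OVERLONG.search(data):
            reasons.add("overlong-utf8")
    if TRAVERSAL.search(data):
        reasons.add("traversal")
    return reasons


def scan(log):
    """Return (client, top-level directory, uri, reasons) for each suspicious line."""
    hits = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue                         # not in the assumed six-field layout
        client, uri = fields[2], fields[4]
        reasons = classify(uri)
        if reasons:
            top_dir = uri.strip("/").split("/")[0]
            hits.append((client, top_dir, uri, sorted(reasons)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Grouping the hits by top-level directory shows whether /exchange on a mail server is receiving the same probes as /scripts on the web servers.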