RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

["Ryan Permeh" <ryan () eeye com>]

when you get 100 continue HTTP responses, you need to send more data.  try
another couple enters.


Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

-----Original Message-----
From: incubus [mailto:incubus () securax org]
Sent: Thursday, April 11, 2002 9:08 PM
To: vuln-dev () securityfocus com
Subject: RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow


Hi all,

> It should return something like this, if it worked (and generate a popup
> error to you that says "Unknown has generated errors")

> HTTP/1.1 100 Continue
> Server: Microsoft-IIS/5.0
> Date: Wed, 27 Mar 2002 23:37:32 GMT

It does give this error, but there's nowhere a window.. Even a debugger
doesn't catch it.

Regards,
 Michael