Re: IIS Unicode

[Ryan Yagatich <ryagatich () CSN1 COM>]

i have too attempted to do re-direct data.. here is what i've tried:

cmd.exe....echo+hello+world+>>c:\\temp.txt
**error**
cmd.exe....echo+hello+world+%3e%3e+c:\\temp.txt
**error**
cmd.exe....echo+hello+world+\%3e+\%3e+c:\\temp.txt
**error**
cmd.exe....echo+hello+world+\/%3e+\/%3e+c:\\temp.txt
**error**

so, it seems that it's not accepting the values for >> symbol, or its hex
equivelant... although i have not done too much study on iis to make a valid
responce, these tests have been acurate on Windows 2000 US/IIS5.0

so, we've found out that redirection doesn't work... but how about writing
your code, or trojan on your PC, setup a tftp server and download this to
allow "shell access".

read Zoa_Chien's publication: exploiting IIS unicode bug using tftp and
samba for a better explanation of how it works.

hope this sheds a little light.
ryan

Roelof Temmingh wrote:

<<I was having problems executing a command that contains a redirect (>)
using
any of the IIS Unicode exploits (including my own exploits on security focus
;) ).>>