Bugtraq mailing list archives
Re: IIS Unicode
From: Ryan Yagatich <ryagatich () CSN1 COM>
Date: Wed, 25 Oct 2000 11:08:08 -0400
i have too attempted to do re-direct data.. here is what i've tried: cmd.exe....echo+hello+world+>>c:\\temp.txt **error** cmd.exe....echo+hello+world+%3e%3e+c:\\temp.txt **error** cmd.exe....echo+hello+world+\%3e+\%3e+c:\\temp.txt **error** cmd.exe....echo+hello+world+\/%3e+\/%3e+c:\\temp.txt **error** so, it seems that it's not accepting the values for >> symbol, or its hex equivelant... although i have not done too much study on iis to make a valid responce, these tests have been acurate on Windows 2000 US/IIS5.0 so, we've found out that redirection doesn't work... but how about writing your code, or trojan on your PC, setup a tftp server and download this to allow "shell access". read Zoa_Chien's publication: exploiting IIS unicode bug using tftp and samba for a better explanation of how it works. hope this sheds a little light. ryan Roelof Temmingh wrote: <<I was having problems executing a command that contains a redirect (>) using any of the IIS Unicode exploits (including my own exploits on security focus ;) ).>>
Current thread:
- IIS Unicode Roelof Temmingh (Oct 25)
- Re: IIS Unicode Ryan Yagatich (Oct 26)
- <Possible follow-ups>
- Re: IIS Unicode Nsfocus Security Team (Oct 26)