Bugtraq mailing list archives
About the new IIS %252c bug.
From: neme-dhc () hushmail com
Date: Tue, 15 May 2001 18:16:11 -0500 (EDT)
Hi,

I spotted the same behaviour on my win2k + IIS 5.0 installation. When I installed the unicode patch this problem disappeared. Hence why I did not publish this. Maybe other people can reproduce this as well?

Another one that works is %252f. %255c and %252f (slash and backslash) worked before I applied the patch and ceased working afterwards. %255c and %252f are NOT unicode codes but hex codes. I find it strange that the unicode patch fixed this.

IIS4.0 installations without the unicode patch were not vulnerable when I tried.

greetz,
nemesystm
/*
 *
 * execiis.c - (c)copyright Filip Maertens
 * BUGTRAQ ID: 2708 - Microsoft IIS CGI Filename Decode Error
 *
 * DISCLAIMER: This is proof of concept code. This means, this code
 * may only be used on approved systems in order to test the availability
 * and integrity of machines during a legal penetration test. In no way
 * is the author of this exploit responsible for the use and result of
 * this code.
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>

/* Modify this value to whichever sequence you want.
 *
 * %255c = %%35c = %%35%63 = %25%35%63 = /
 *
 */
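Added example, not part of the original post or of execiis.c: a log check that decodes each request path repeatedly and flags paths where a slash or backslash only appears after two or more percent-decoding passes, which is the behaviour of %255c, %252f and the variants listed in the code comment above. The function names, the log-line layout (raw path as the fifth field) and the sample lines are assumptions made for this illustration.

```python
from urllib.parse import unquote

SEPARATORS = ("/", "\\")
MAX_PASSES = 5  # assumed bound so hostile input cannot force many passes


def decode_stages(raw_path):
    """Percent-decode repeatedly until the string stops changing."""
    stages = [raw_path]
    for _ in range(MAX_PASSES):
        decoded = unquote(stages[-1], encoding="latin-1")
        if decoded == stages[-1]:
            break
        stages.append(decoded)
    return stages


def separator_depth(raw_path):
    """Return the last decode pass that revealed a new separator (0 = none)."""
    depth = 0
    stages = decode_stages(raw_path)
    for n in range(1, len(stages)):
        before = sum(stages[n - 1].count(c) for c in SEPARATORS)
        after = sum(stages[n].count(c) for c in SEPARATORS)
        if after > before:
            depth = n
    return depth


def flag_double_encoded(log_lines):
    """Return (line_number, path) for paths hiding a separator behind 2+ decodes."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        path = line.split()[4]  # assumed layout: date time ip method path status
        if separator_depth(path) >= 2:
            hits.append((number, path))
    return hits


# Constructed sample lines, not real traffic (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    "2001-05-15 18:16:11 192.0.2.10 GET /docs/readme.txt 200",
    "2001-05-15 18:16:12 192.0.2.10 GET /docs/a%5cb.txt 404",
    "2001-05-15 18:16:13 192.0.2.10 GET /docs/a%255cb.txt 404",
    "2001-05-15 18:16:14 192.0.2.10 GET /docs/a%252fb.txt 404",
    "2001-05-15 18:16:15 192.0.2.10 GET /docs/a%25%35%63b.txt 404",
    "2001-05-15 18:16:16 192.0.2.10 GET /docs/a%%35cb.txt 404",
    "2001-05-15 18:16:17 192.0.2.10 GET /docs/100%25.txt 200",
]

if __name__ == "__main__":
    for number, path in flag_double_encoded(SAMPLE_LOG):
        print(f"line {number}: {path} -> {decode_stages(path)[-1]}")
```

A single-encoded %5c (depth 1) and a literal percent sign written as %25 (depth 0) are not flagged; only paths that need a second decode to expose the separator are reported.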