About the new IIS %252c bug.

[neme-dhc () hushmail com]

Hi,

I spotted the same behaviour on my win2k + IIS 5.0 installation. When I 
installed the unicode patch this problem disappeared. Hence why I did not 
publish this. Maybe other people can reproduce this as well?
another one that works is %252f.
%255c and %252f (slash and backslash) worked before I applied the patch 
and ceased working afterwards.
%255c and %252f are NOT unicode codes but hex codes. I find it strange that 
the unicode patch fixed this.
IIS4.0 installations without the unicode patch were not vulnerable when 
I tried.

greetz,
nemesystm

> /*
> *
> * execiis.c - (c)copyright Filip Maertens
> * BUGTRAQ ID: 2708 - Microsoft IIS CGI Filename Decode Error
> *
> * DISCLAIMER:    This  is  proof of concept code.  This means, this
> code
> * may only be used on approved systems in order to test the
> availability
> * and integrity of machines  during a legal penetration test.  In no
> way
> * is the  author of  this exploit  responsible for the use and result
> of
> * this code.
> *
> */
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/socket.h>
> #include <sys/types.h>
> #include <netinet/in.h>
> #include <unistd.h>
> #include <string.h>
>
>
> /* Modify this value to whichever sequence you want.
> *
> * %255c = %%35c = %%35%63 = %25%35%63 = /
> *
> */
Free, encrypted, secure Web-based email at www.hushmail.com