RE: NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error V ulnerability]

[Adriano Dias <adias () proteus com br>]

Ya! I did that!
I used the .asp file to upload and execute the nc file and to get the system
permissions.

If you need some instructions to do that, send it to the list.

Adriano Dias
Proteus Security Systems

-----Original Message-----
From: e-Security Chap [mailto:e-securitychap () usa net]
Sent: Tuesday, May 15, 2001 10:42 PM
To: Andrew Thomas; BUGTRAQ () SECURITYFOCUS COM
Subject: [RE: NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode
Error V ulnerability]


 hi folks,
 its just another expected iis bug. did anybody tried out the chance of
elevating privileges. i have tried the same techniques as in the iis unicode
bug, however i could not.
 any known ways to do that?
 regards

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1