Bugtraq mailing list archives

RE: Tests about semicolon zero-day (BID 37460)

From: "Nelson Brito" <nbrito () sekure org>
Date: Tue, 29 Dec 2009 15:14:46 -0200

@hdmoore: Exploiting Microsoft IIS with Metasploit: http://bit.ly/52oJoE
(ASP;JPG bug).

Cheers.

/*
 * $Id: .siganture,v 1.3 2009-12-11 09:22:54-02 nbrito Exp $
 *
 * Author: Nelson Brito <nbrito [at] sekure [dot] org> 
 
   Copyright(c) 2004-2009 Nelson Brito. All rights reserved worldwide.
   http://fnstenv.blogspot.com */

-----Original Message-----
From: Crash - DcLabs [mailto:crashbrz () gmail com]
Sent: Monday, December 28, 2009 8:28 PM
To: bugtraq () securityfocus com
Subject: Tests about semicolon zero-day (BID 37460)

Tests about semicolon zero-day (BID 37460)

Tests in Windows XP SP3 and IIS 5.1
The results are:
18:21:18 172.16.5.79 GET /t.asp;.jpg 200
The file founded,  but not interpreted! IIS print the asp souce code at
screen.

Testing in 2003 Server IIS 6.0 SP 2 works perfect!  the .jpg is
interpreted as .asp
2009-12-28 18:56:37 W3SVC1 172.16.5.79 GET /t.asp;.jpg - 80 -
172.16.6.16 Mozilla/4.0+(compatible;+MSIE+
8.0;+Windows+NT+5.2;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.N
ET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.0.4506.2152;+.NET+C
LR+3.5.30729)
200 0 0

Testing in 2008 Server  IIS 7.0 SP1
Return same Windows XP, source code printed at screen.

-------------------
Crash
DcLabs

Current thread:

Tests about semicolon zero-day (BID 37460) Crash - DcLabs (Dec 29)
- RE: Tests about semicolon zero-day (BID 37460) Nelson Brito (Dec 29)
- RE: Tests about semicolon zero-day (BID 37460) Nelson Brito (Dec 30)
- <Possible follow-ups>
- Re: RE: Tests about semicolon zero-day (BID 37460) crashbrz (Dec 30)