Security Incidents mailing list archives

Re: IIS Unicode Question

From: Steve <steve () SECURESOLUTIONS ORG>
Date: Thu, 26 Oct 2000 12:35:28 -0600

I have looked at logs from a couple different servers that Pimpshiz has
defaced.  And no, this is not what he was doing.  Pimpshiz is simply finding
boxes with poorly set permissions and exploiting them.  He is doing nothing
new.

------------------------------------------------------------------------

Steve Manzuik                                   Calgary, Alberta, Canada
Moderator - Win2K Security Advice               (403)660-2997

Security Analyst - Bindview RAZOR Team
smanzuik () razor bindview com
http://razor.bindview.com

* - The opinions expressed in this email are mine, and mine alone.  They - *
* - do not reflect those of my employer or anyone else for that matter.  - *

------------------------------------------------------------------------

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Leon Rosenstein
Sent: Thursday, October 26, 2000 7:32 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: IIS Unicode Question

Now that this has come to the surface does anyone think that this is how
Pimpshiz was able to deface all those sites?  Has anyone been able to
examine logs from what he does and what this vulnerability does?  Just
curious.

Current thread:

IIS Unicode Question Leon Rosenstein (Oct 27)
- Re: IIS Unicode Question Steve (Oct 28)
- Re: IIS Unicode Question Critical Watch Bugtraqqer (Oct 31)