Security Incidents mailing list archives
Re: Unicode Decode
From: Reverend Lola <reverend_lola () yahoo com>
Date: Mon, 25 Jun 2001 13:00:30 -0700 (PDT)
Jason, It's just one of the Extended Unicode representations of the '/' character. I haven't seen many translation tables for Extended Unicode values, but it looks like there are probably some at http://www.unicode.org/charts. Hope this helps, Reverend Lola The Titanium Sheep Provider of Steel Wool Defender of the Fleeceless
-----Original Message----- From: jason [mailto:jpotopa () qwest net] Sent: Monday, June 25, 2001 10:38 AM To: incidents () securityfocus com Subject: Unicode Decode -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know of any sites/tools/tables to decode unicode information? Specificly I am looking to decode the unicode portion of this attack: GET
/msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/sytem32/cmd.exe
?/c+copy+\winnt\system32\cmd.exe +root.exe HTTP/1.0 Obviously he is trying to copy cmd.exe to /msadc/root.exe, but I do not know how to interpret the unicode stuff. Thanks in advance -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOzd3ClL3u0OElmjPEQLyWgCfTM0mvmVcZpgQjOZwHSaddHGxgUAAoIrU
v3cHdcY94clFmG92/O4ojvpd =gtF9 -----END PGP SIGNATURE-----
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Unicode Decode Reverend Lola (Jun 26)