Re: Unicode Decode

[Reverend Lola <reverend_lola () yahoo com>]

Jason, 

It's just one of the Extended Unicode representations
of the '/' character.  

I haven't seen many translation tables for Extended
Unicode values, but it looks like there are probably
some at http://www.unicode.org/charts.  

Hope this helps, 

Reverend Lola
The Titanium Sheep
Provider of Steel Wool
Defender of the Fleeceless

> -----Original Message-----
> From: jason [mailto:jpotopa () qwest net]
> Sent: Monday, June 25, 2001 10:38 AM
> To: incidents () securityfocus com
> Subject: Unicode Decode
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Does anyone know of any sites/tools/tables to decode
> unicode
> information?  Specificly I am looking to decode the
> unicode portion
> of this attack:
>
> GET
/msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/sytem32/cmd.exe
> ?/c+copy+\winnt\system32\cmd.exe +root.exe HTTP/1.0
>
> Obviously he is trying to copy cmd.exe to
> /msadc/root.exe, but I do
> not know how to interpret the unicode stuff.  Thanks
> in advance
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use
> <http://www.pgp.com>
iQA/AwUBOzd3ClL3u0OElmjPEQLyWgCfTM0mvmVcZpgQjOZwHSaddHGxgUAAoIrU
> v3cHdcY94clFmG92/O4ojvpd
> =gtF9
> -----END PGP SIGNATURE-----


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com