Vulnerability Development mailing list archives
Extended UNICODE Directory Traversal Vulnerability
From: Wolfgang Gassner <wulfmen () HOTMAIL COM>
Date: Wed, 18 Oct 2000 17:14:19 GMT
Hi,

this seems to be a big bug in IIS servers; it seems that every IIS 4.0 & 5.0 is affected! I played around and found that not only %C0%AF & %C1%9C cause this, there is %D0%AF & %D1%9C too! The only systems which seem to be unaffected are those on which the WINNT directory is not on the same drive as INETPUB!

%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\

If you do something like this, the directory must be on the same drive; changing disk seems not to be possible.

Cheers..
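A log-side check for the four sequences named in the post, as an added example that is not part of the original message. It assumes a lax decoder that combines the bits of a two-byte sequence without an overlong check and keeps only the low byte (a modelling assumption that fits all four sequences, not a statement of how IIS is implemented); the function names and the sample request targets are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

SEPARATORS = (0x2F, 0x5C)  # '/' and '\'

def lax_low_byte(lead, cont):
    # Assumed model of a lax decoder: combine the payload bits of a 2-byte
    # UTF-8 sequence with no overlong check, then keep only the low 8 bits.
    return (((lead & 0x1F) << 6) | (cont & 0x3F)) & 0xFF

def find_hidden_separators(raw_path):
    """Return (offset, hex, kind) for each suspicious 2-byte sequence in the path."""
    data = unquote_to_bytes(raw_path.split("?", 1)[0])  # path only, query dropped
    hits = []
    for i in range(len(data) - 1):
        lead, cont = data[i], data[i + 1]
        if not (0xC0 <= lead <= 0xDF and 0x80 <= cont <= 0xBF):
            continue
        if lax_low_byte(lead, cont) not in SEPARATORS:
            continue
        if lead in (0xC0, 0xC1):
            # Overlong form: never valid UTF-8, so flag unconditionally.
            hits.append((i, data[i:i + 2].hex(), "overlong"))
        elif data[i + 2:i + 4] == b".." or data[max(0, i - 2):i] == b"..":
            # Valid UTF-8 on its own (e.g. Cyrillic), so flag only beside "..".
            hits.append((i, data[i:i + 2].hex(), "folded"))
    return hits

# Constructed sample request targets, not taken from a real log.
SAMPLES = [
    "/%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\\",  # string from the post
    "/docs/%D0%AF../x",
    "/wiki/%D0%AF%D0%B1",
    "/index.html",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", find_hidden_separators(target) or "clean")
```

Strict UTF-8 validation alone catches the %C0 and %C1 forms; the %D0 and %D1 forms are well-formed UTF-8, which is why the check also looks at what sits next to them.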
Current thread:
- Extended UNICODE Directory Traversal Vulnerability Wolfgang Gassner (Oct 20)