Extended UNICODE Directory Traversal Vulnerability

[Wolfgang Gassner <wulfmen () HOTMAIL COM>]

Hi,

this seems to be a big bug in IIS Servers, it seems that
every IIS 4.0 & 5.0 is affected!

I played around and found that not only

%C0%AF & %C1%9C

cause this there is

%D0%AF & %D1%9C    too!

The only systems which seems to be unaffected are these, on
which the WINNT Directory is not on same drive as the
INETPUB !

%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\

If you make something like these, the directory must be on
the same drive, changing Disk seems not to be possible..

Cheers..
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.