Vulnerability Development mailing list archives
Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?)
From: Ryan Yagatich <ryagatich () CSN1 COM>
Date: Fri, 27 Oct 2000 12:08:06 -0400
Protection: There are multiple ways of getting around this. first of all, your webroot is the key. (so far) it has been shown that this code will only execute if the /winnt directory is located in the same as the webroot directory...
<< Is that true? I thought the point behind the "msadc" variation was that it removed that limitation... <snip> So, even if the web root were elsewhere, as long as "Program Files" was on the same drive as "winnt", it should work... (I'm just speculating, here... Someone with more definitive info should definitely speak up...) >> you're absolutely right, that was the point behind it. but for <lame excuse goes here>, my train of thought had taken me elsewhere in the description.... After reviewing the comments/suggestions about the post, i personally think that it was wrong of me to put the "protection" section in there, with the information that was given. I appologize for turning heads in the wrong direction. have we all learned a lesson? i have: never make a post, or statement that hasn't been completely planned out, you will then wind up making a fool of yourself due to the irelevent, and incorrect details. ryan
Current thread:
- Summary of IIS 4.0/5.0 Unicode thread (end of thread?) Ryan Yagatich (Oct 27)
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) Robert A. Seace (Oct 28)
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) Ryan Yagatich (Oct 29)
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) Marcelo Lamoglia (Oct 28)
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) syzop (Oct 28)
- <Possible follow-ups>
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) Daniel Docekal (Oct 29)
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) amonotod (Oct 29)
- Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?) Robert A. Seace (Oct 28)