From: "John D. Hardin" <jhardinat_private> > On Fri, 28 Jan 2000, Mnemonix wrote: > > > > I apply the patch from Microsoft and it doesnt change the problem. I test > > > this after and the problem are the same > > > > > > *** WARNING **** > > > Even if you have no .htw files on your system you're probably > > > still vulnerable! A quick test to show if you are vulnerable: > > > go to http://YOUR_WEB_SERVER_ADDRESS_HERE/nosuchfile.htw > > > If you receive a message stating the "format of the QUERY_STRING > > > is invalid" you _are_ vulnerable. > > > > This test is to see if you're vulnerable _before_ you apply the > > patch. After you install the patch you _will_ still get the same > > message. > > ...so what indicates that you *are not* vulnerable? We'll - fairly long winded approach - therefore not a quick test: create a file call test.txt and put it on the root of the drive where your virtual root is found. If one doesn't already exist create a static file - eg default.html and place it in the root virtual directory. Try to access test.txt by using one of the exploits now floating around. If you manage it - then you're vulnerable s apply the patch. If you don't then you're not and the patch is already installed or .htw is not linked to webhits.dll Cheers, David Litchfield http://www.cerberus-infosec.co.uk/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:48 PDT