> >It's out there. I've seen logs indicating the attacker put a "root.exe" file >on the IIS5 host and then were able to issue a command to run this file via >the overflow. I don't have any more specific information on the contents of >the root.exe file or the exact script used, etc. at this time. root.exe is just cmd.exe copied to root.exe! doh! -jd
This archive was generated by hypermail 2b30 : Tue May 15 2001 - 06:24:19 PDT