MS01-026 - proof of concept - Followup

From: Filip Maertens (filipat_private)
Date: Wed May 16 2001 - 00:57:19 PDT


    A few remarks,
    
    The following topics tackle some comments made through private
    e-mail.  Just clarification.
    
    NOT UNICODE - This is not 100% unicode we are talking about.  This is
    the vulnerability as discovered by NSFOCUS Security
    Advisory (SA2001-02).  This has been documented by Microsoft as being
    MS01-026 or to be found at the CERT ( CERT® Advisory CA-2001-12 ).
    Please read the history in the advisory to get a full update on the
    whereabouts of this vulnerability.  This five-minute code snippet is
    meant to provide an easy-to-use testing interface for your IIS
    web servers.  Nothing more, nothing less.
    
    
    CRIPPLED : Seems I've been sending the backup-code I had on my Windows
    machine instead of the working one on my OpenBSD testing machine.  It
    will spit out an error code; everyone with even pre-basic C
    knowledge will know how to solve this.  However, simply put brackets on
    the if instruction like this:
    
      /* No "404" anywhere in the first chunk read: treat the request as
         accepted and echo the rest of the response one byte at a time. */
      if ( strstr(recvbuffer, "404") == NULL ) {
          while ( recv(create_socket, recvbuffer, 1, 0) > 0 ) {
              printf("%c", recvbuffer[0]);
          }
      } else {
          /* Server answered 404: the request was not processed as expected. */
          printf(" -- Wrong command processing. \n");
      }
    
    
    PROOF OF CONCEPT - Tool or weapon?  I guess everyone gets these
    discussions now and then, and I don't even want to go that way.  The
    advisory is very clear, the patch is there...  I do not see any harm in
    having a quick'n'dirty interface for this vulnerability on this
    advisory.  Mind you, anyone with a netcat can pull off the exact same
    thing.  Hence the fact it's even a waste of time wasting C on this one,
    but it just happened I had to write this one for testing purposes on our
    own IIS testing machines, and I didn't feel like opening a netcat
    connection and manually typing the GET request.  There is no logic, I
    know... :-)
    
    
    
    Cheers,
    </filip>
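The snippet above decides whether the test request was accepted by calling strstr(recvbuffer, "404") on whatever bytes happened to arrive first, so a "404" in a response body (or split across two recv calls) gives the wrong verdict. The following added example, not part of the original post or its tool, shows how a testing harness of this kind can read the status code from the HTTP status line instead; the sample responses and the function names http_status_code and is_not_found are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse the status code of an HTTP/1.x response.
 * Returns the three-digit code, or -1 if the buffer does not start with a
 * well-formed status line.  Only the first line is inspected, so a "404"
 * that merely appears in headers or body is not mistaken for the status
 * (which is exactly what strstr(recvbuffer, "404") would do). */
int http_status_code(const char *resp)
{
    if (resp == NULL || strncmp(resp, "HTTP/", 5) != 0)
        return -1;
    const char *p = resp + 5;
    while (*p && *p != ' ' && *p != '\r' && *p != '\n')   /* skip "1.0"/"1.1" */
        p++;
    if (*p != ' ')
        return -1;
    p++;
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]) ||
        !isdigit((unsigned char)p[2]))
        return -1;
    /* the code must be followed by a space, CR, LF or the end of the buffer */
    if (p[3] != ' ' && p[3] != '\r' && p[3] != '\n' && p[3] != '\0')
        return -1;
    return (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
}

/* Verdict the test tool wants: 1 = server said Not Found, 0 = any other
 * valid status, -1 = the bytes are not an HTTP status line at all. */
int is_not_found(const char *resp)
{
    int code = http_status_code(resp);
    if (code < 0)
        return -1;
    return code == 404;
}

/* Constructed sample responses (not captured from a real server). */
static const char *SAMPLE_404 =
    "HTTP/1.1 404 Object Not Found\r\nContent-Length: 0\r\n\r\n";
static const char *SAMPLE_200_WITH_404_IN_BODY =
    "HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nerror 404 ok";

int main(void)
{
    printf("404 response        : is_not_found=%d\n", is_not_found(SAMPLE_404));
    printf("200 with 404 in body: is_not_found=%d, strstr says %d\n",
           is_not_found(SAMPLE_200_WITH_404_IN_BODY),
           strstr(SAMPLE_200_WITH_404_IN_BODY, "404") != NULL);
    return 0;
}
```

To use it in the posted tool, read the response until the first CRLF before calling is_not_found, rather than inspecting a single recv chunk.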