IIS again.

From: dilbert96at_private
Date: Fri May 18 2001 - 01:59:27 PDT

Next message: H Carvey: "Re: Access a remote registry"

Previous message: Steve Hutchins: "Apple WebObjects on Apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all,
 
 
I know there are many of these already around but here is a program I wrote 
for the Unicode vulnerability which works for the IIS double-parse vulnerability. 
The program simulates an interactive command prompt and allows switching 
to and from cmd.exe interactively. The ZIP contains two files iisenc.pl 
and exploits.txt which contains the GET strings etc. To add further strings 
the format is:
 
GET /STRING  tab  WhatIsExpectedInReturn tab  Comments
 
Regards,
 
Gary O'leary-Steele
 
P.S Anyone know where I can get a PPTP sniffer for Windows NT?
Free, encrypted, secure Web-based email at www.hushmail.com

application/octet-stream attachment: Iisenc.zip

IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.

Next message: H Carvey: "Re: Access a remote registry"
Previous message: Steve Hutchins: "Apple WebObjects on Apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 18 2001 - 12:36:35 PDT