Try to exploit the *.idq bug. Do a request like http://www.acme.com/anything.idq If the server is vulnerable, you should see the webroot... Have a nice day, On 14 June 2001 00:30, * (todd + 1) wrote: > hello all, > > Recently i came across an IIS webserver that i found to be vulnerable to > the Unicode attacks. However, i cannot determine the webroot of this drive, > and therefore i am having troubles reaching a full comprimise. The > directory "C:\Inetpub" exists, but the only contents of this directory is > the folder "mailroot". > > Additionally, when i connect and request the root document (ie GET / ), it > returns the string: "<% Response.ContentType = "text/plain" %> HELLO" > > Does anyone come across anything like this before, and what would be the > simplest method of determining the webroot? > > thanks in advance > todd willey > ubermother
This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 16:09:42 PDT