Hi all, I am conducting a penetration test for one of our clients and some of the webservers they are running are IIS 3.0. Well besides the rest of the vulnerabilites with MS IIS 3.0, I tested the servers for Unicode and it seemed they were vulnerable. ( I check using a perl script that I found on Packetstorm) it discovered that the servers were vulnerable to various forms of the unicode vulnerability. Ok, now to the meat of it. I opened my browser and attempted a directory listing using the scripts directory (which I know existed). I got an error saying "HTTP/1.0 403 Access Forbidden (Execute Access Denied -This Virtual Directory does not allow objects to be executed.)" I'm guessing that execution of commands is not allowed on that directory. I also tried with the msadc directory (which I know existed), but with the same result as above. Does anyone have any ideas on this one? I basically want to knwo if it's possible to use the uni code vulnerbaility to execute commands remotely. Thanks in advance. -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 09:37:15 PDT