I am trying to show to a customer that his IIS server is vulnerable to unicode exploits. However, access to his server is password protected (Require valid-user) I get "HTTP/1.1 401 Access Denied" and "You are not authorized to view this page". As far as I am concerned, having password box does mean he does not have to patch his web server. How can I show that his box is vulnerable? Anybody? -- print chr hex for qw + 2D 2D 0A 76 6C 61 64 69 6D 69 72 40 61 72 6F 62 61 73 2E 6E 65 74 0A 44 38 37 44 20 44 32 46 42 20 46 31 36 33 20 46 31 43 31 20 34 32 30 41 20 20 31 44 31 46 20 36 43 42 39 20 31 46 38 39 20 38 35 30 42 20 30 38 44 44 0A +; ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 10:03:06 PDT