Re: cmdasp.asp & unicode

From: CT (ctat_private)
Date: Thu Aug 16 2001 - 07:48:42 PDT


    :) You are a Spanish guy... I wrote some for this bug ( unicode/decode/code
    red II ) in Spanish, how to exploit them and fix it:
    www.heinekenteam.com/cursos/iis
    Best regards
    
    CyRaNo
    Carpe Noctem
    
    ----- Original Message -----
    From: "César González" <cesar@eureka-sistemas.com>
    To: "Penetration Testers" <PEN-TESTat_private>
    Sent: Thursday, August 16, 2001 8:28 AM
    Subject: cmdasp.asp & unicode
    
    
    > Hello all,
    >
    > First of all, thanks H.D. Moore for the reply to my last post
    > ("Imformation about mkilog.exe") and sorry about my poor English ;).
    > I am finishing a pen-test for a company and my customer asked me to try to
    > grab the data of the database.  The machine that runs the database soft runs
    > IIS too, and it is vulnerable to a UNICODE exploit. I have uploaded the
    > cmdasp.asp script but it seems to fail in some operations like deleting
    > files.  For example: I upload cmdasp.asp to c:\inetpub\scripts\ with the
    > tftp trick but when I try to delete the file itself I get permission denied.
    > The user the script runs under is IUSR_SIVAC. (sivac is the database and the
    > name of the computer in the windows network)
    > My questions are: Why can't I delete the files I have uploaded to
    > c:\inetpub\scripts? The user SIVAC should be allowed... if I can write in the
    > directory I should be allowed to delete too, isn't it? Could I force a
    > change of the user under which cmd.asp.asp runs?
    >
    > Thanks in advance.
    >
    > César González Revilla
    > Eureka Sistemas S.L.
    > C/ San Fernando 16 bajo
    > 39010 Santander
    >
    
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 08:15:43 PDT