Re: cmdasp.asp & unicode

From: CT (ctat_private)
Date: Thu Aug 16 2001 - 07:48:42 PDT

  • Next message: Mike Ahern: "cmdasp.asp & unicode"

    :) You are a spanish guy... I wrote some for this bug ( unicode/decode/code
    red II ) in spanish, how to exploit them and fix it:
    Best regards
    Carpe Noctem
    ----- Original Message -----
    From: "César González" <>
    To: "Penetration Testers" <PEN-TESTat_private>
    Sent: Thursday, August 16, 2001 8:28 AM
    Subject: cmdasp.asp & unicode
    > Hello all,
    > First of all, Thankx H.D. Moore for the reply to my last post
    > about mkilog.exe") and sorry about my poor english ;).
    > I am finishing a pen-test to a company and my customer said to me to try
    > grab te data of the database.  The machine who runs the databas soft, runs
    > IIS too, and it ts vulnerable to an UNICODE exploit. I have uploaded the
    > cmdasp.asp script but it seems to fail in some operations like deleting
    > files.  For example : I upload cmdasp.asp to c:\inetpub\scripts\ with the
    > tftp trick but when i try to delete the file itself i got permision
    > The user under the script runs is  IUSR_SIVAC. (sivac is the database and
    > name of the computer in the windows network)
    > My questions are : ¿Why cant i delete the files i have uploaded to
    > c:\inetpub\scripts? The user SIVAC should be allowed... if i can write in
    > directory i should be allowed to delete too, isnt it?. ¿Could I force to
    > change the user under the cmd.asp.asp runs?
    > Thanks in advance.
    > César González Revilla
    > Eureka Sistemas S.L.
    > C/ San Fernando 16 bajo
    > 39010 Santander
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 08:15:43 PDT