I've got a problem. I've used the handy dandy unitools (by Roelof Temmingh), Unicodeloader.pl script to upload its upload.asp and upload.inc files to the victim IIS server with the various IIS folder traversal vulnerabilities. This worked like a charm every time via port 80. I now have a client with an IIS server on port 443 with the msadc.dll vulnerability. I was able to take advantage of the vulnerability to copy cmd.exe into the /scripts directory. We modified the Unicodeloader.pl script to use the now available cmd.exe. In order to run the utility, I attach via Stunnel. The upload works and both the upload.asp and the upload.inc get up the IIS servers webroot. The only problem is that in the transferred upload.inc script, every instance of + is replaced with a space. Not sure why this is happening. All I know is that when I upload the upload.inc file via straight port 80 it's fine and going through Stunnel the + is replaced with a space. My goal is to get Netcat up there (of course). Does anybody know what Is going on here and what I can do to get around it? Steven Kieffer, CISSP ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 10:03:18 PST