Re: Looking for exploits

From: Can Erkin Acar (canacarat_private)
Date: Fri Apr 13 2001 - 05:21:52 PDT

Next message: Lynn Crumbling: "Re: Hack / take down new Windows XP beta serverhttp://www.testwindowsxp.com/"

Previous message: Jay D. Dyson: "Re: Apache Win32 8192 string bug"
Next in thread: Bram Shirani: "Re: Looking for exploits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Actually, IIS Unicode vulnerability
does not even need lynx :-)

you can use any browser even netcat or telnet

However, if you mean interaction through the command line
ie: you connect to the server and exploit it by typing commands
there is a _very_ slight difference here.

I cannot think of such an exploit right now, mostly because all the
exploits are scripted nowadays for kiddies' sake...

Perhaps you can consider the IIS vulnerability a 'Browser bug'
since you open the browser and run commands through it interactively :-)

On Thu, Apr 12, 2001 at 08:30:37PM +0200, Roelof wrote:
> Marc,
>
> You have lynx yes? Most of the webserver parsing and traversal bugs can be
> made into "commandline" exploits. IF I understand you correct that is..
>
> Greets,
> Roelof Temmingh.

Next message: Lynn Crumbling: "Re: Hack / take down new Windows XP beta serverhttp://www.testwindowsxp.com/"
Previous message: Jay D. Dyson: "Re: Apache Win32 8192 string bug"
Next in thread: Bram Shirani: "Re: Looking for exploits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:06:09 PDT