|On Thu, 12 Apr 2001 xanderat_private wrote: | |> >A: No. Microsoft is creating this site and placing it on the |Internet to |> >test Microsoft® Windows® XP Home Edition and its features in a |typical home |> >networked environment. | |It seems to me, that many previous exploits (test.asp::$DATA ; test.asp. ) |involved non-static content. Anyone notice that, (as far as I see), every |single page is a .htm ? | |Given the user base, *some* home users are going to become "power |users" enough to write simple .asp's... | |- Lynn | |Lynn Crumbling, Sr. System Analyst |Analytical Design Solutions, Inc. |ADSi... we make it happen. If you do a look into the ISAPI filters on the test site they seem to be stripped down, although windows XP itself doesnt ship with all of the nt4, win2k ones (but ms loves backwards compatibility so i doubt that) so its obvious the server is setup to "win." Look at the last MS contest against Windows 2000... ya it was not "hacked" into but what was released a few months later that lead the the remote penetration of many Win2k servers? IIS Unicode vulnerability. I am sure Windows XP will have a remote vulnerability within it found also. Where there is functionality there is going to be failure. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris/ - Network Traffic Analyzer "Walk on."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 23:34:28 PDT