I've repeated your tests on a system with all patches applied and all proper lockdowns applied as well and get nothing more than a 404 response. Do you still have the .IDA, .IDQ mappings in your website? * Jim Harrison MCP(NT4, 2K), A+, Network+ Never be afraid to try something new. Remember that amateurs built the Ark. Professionals built the Titanic. -----Original Message----- From: RWXLabs [mailto:rwxlabsat_private] Sent: Thursday, March 14, 2002 16:47 To: Brett Moore; vuln-dev Subject: Re: idq.dll problem?? Hi, All the test was carried through in system with all patches applied, however, it is enough to request the URL: www.server.com/null.ida?= So that the server presents the error, being that only caracter = (equal) this happens! Any ideas? Marcos Ferreira marcosat_private RWXSecurity - Segurança na Internet http://www.rwxsecurity.com Brett Moore wrote: >Made me think of the .ida bof testing that went on during the code red >season. > > >On A patched system. >Results >Sending 1-199 bytes yields the error: >The IDQ file NULL.ida could not be found. >Nothing written to the event log. > >Sending 200-??? bytes we get: >File . >Error 0x80040e14 caught while processing query >Nothing written to the event log. > > >Were you testing patch/unpatched? > >Brett > >>-----Original Message----- >>From: H D Moore [mailto:sflistat_private] >>Sent: Thursday, 14 March 2002 17:31 >>To: RWXLabs; bugtraqat_private; vuln-devat_private; >>secureat_private >>Subject: Re: idq.dll problem?? >> >> >>On Wednesday 13 March 2002 06:13 pm, RWXLabs wrote: >> >>>Hello, >>> >>>In some tests carried through with servers IIS5, I found the >>>following problem. >>> >>>When requesting the URL: >>> >>>ww.server.com/null.ida?= >>> >>> >>>The server returned the following message: >>> >>>File . Error 0x80040e14 caught while processing query >>> >>Interesting. That error is normally thrown by the ODBC handler anytime >>an invalid/misformed query is made in an ASP script. The error message >>translates into "The command contained one or more errors". >> >>Check out this URL: >> >http://www.adopenstatic.com/faq/80040e14.asp > > >
This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 09:00:55 PST