Security Incidents mailing list archives
Re: IIS Unicode Question
From: Critical Watch Bugtraqqer <bugtraq () CRITICALWATCH COM>
Date: Fri, 27 Oct 2000 14:37:19 -0500
Leon-- Started looking at some of the .gov sites that he has recently broken into. Did a request for nonexistantfile.idq ... many of them have their websites on separate drives from the system drive. Did they move the websites after the fact/hack? Hard to tell. Gut check? Probably not. Therefore, the Unicode hole would not be effective and his claim still stands that he has a gnu hole. Nelson Bunker, CISSP Co-founder Critical Watch ----- Original Message ----- From: "Leon Rosenstein" <l_rosenstein () MONTELSHOW COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Thursday, October 26, 2000 8:31 AM Subject: IIS Unicode Question
Now that this has come to the surface does anyone think that this is how Pimpshiz was able to deface all those sites? Has anyone been able to examine logs from what he does and what this vulnerability does? Just curious.
Current thread:
- IIS Unicode Question Leon Rosenstein (Oct 27)
- Re: IIS Unicode Question Steve (Oct 28)
- Re: IIS Unicode Question Critical Watch Bugtraqqer (Oct 31)