Penetration Testing mailing list archives
Re: [PEN-TEST] IIS UNICODE Strings
From: Daniel Docekal <ddoc () MIA CZ>
Date: Mon, 30 Oct 2000 22:24:45 +0100
Talking about W2K, there are MANY virtual folders located on system drive. IISHELP (scripts only) IISADMIN (scripts only) MSADC (scripts and executables) <--- this is problem _vti_bin (scripts and executables) <--- another problem PRINTERS (scripts only) In case that Site Server is installed SiteServer (scripts only) Sites (scripts only) _mem_bin (scripts and executables) <--- another problem FpSample (scripts only) CmSample (scripts only) So, frankly said, we will always have Paris :)
-----Original Message----- From: Michael Owen [mailto:mowen () COSTCO COM] Sent: Monday, October 30, 2000 8:23 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] IIS UNICODE Strings In our test, the InetPub directory is in logical drive D: instead of default C:. Does that matter in the above examples? ------------------------------------- In our internal tests, it does, and the exploit won't work. BUT, if you use the /msadc/ virtual folder, it won't matter, as msadc is in c:\program files\Common\.... http://iisbox/msadc/..\%e0\%80\%af../..\%e0\%80\%af../..\%e0\% 80\%af../winnt /system32/cmd.exe\?/c\+dir+c:\\temp ---------------------------------- Michael Owen Costco Wholesale Network Security (425) 313-2957
Current thread:
- [PEN-TEST] IIS UNICODE Strings Mike Ahern (Oct 31)
- Re: [PEN-TEST] IIS UNICODE Strings Erick Arturo Perez Huemer (Oct 31)
- <Possible follow-ups>
- Re: [PEN-TEST] IIS UNICODE Strings Michael Owen (Oct 31)
- Re: [PEN-TEST] IIS UNICODE Strings Daniel Docekal (Oct 31)