Penetration Testing mailing list archives
Re: iXsecurity.tool.briiis.3.02
From: H D Moore <hdm () secureaustin com>
Date: Wed, 13 Jun 2001 18:40:31 -0500
On Wednesday 13 June 2001 11:49 am, Nicolas Gregoire wrote:
> NB: last time I checked it, the unicoder.pl tool from HD Moore couldn't find non-English vulnerable versions of IIS (it is looking for "Directory of" in the returned content and it's, for example, "Répertoire de" in French).
It does now thanks to your (?) suggestion about a week ago. I found that it does miss the double decode in a couple cases (%255c..%255c works while %255c../..%255c doesn't), but I should have that corrected within the next day. I wrote an upload facility (echoes out upload.asp à la unicodeloader) but I like the dbug method better. I will be taking the best new features from other unicode / double decode exploits and merging them into the next version.

-HD
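For log review on the defending side, the double-decode sequences quoted in this message only show a `..` path segment after a second percent-decoding pass, so a filter that decodes once will not see them. The following Python is an added example, not part of the original post and not code from unicoder.pl; the function names and the sample paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed request paths for illustration; not taken from a real log.
SAMPLE_PATHS = [
    "/app/..%255c..%255cdata/file.txt",     # sequence quoted in the message
    "/app/..%255c../..%255cdata/file.txt",  # mixed variant quoted in the message
    "/app/..%5c..%5cdata/file.txt",         # single-encoded backslash
    "/images/logo%20small.gif",             # benign encoded space
    "/docs/100%2525.html",                  # benign nested percent sign
]


def has_traversal(path):
    """True if any segment, split on '/' or '\\', is exactly '..'."""
    return ".." in re.split(r"[\\/]", path)


def decode_depth(raw_path, max_rounds=4):
    """Return how many percent-decoding passes expose a '..' segment.

    0 means it is visible in the raw path, 1 after a normal single decode,
    2 or more means it only appears when the path is decoded again.
    None means no traversal segment was found within max_rounds passes.
    """
    current = raw_path
    for depth in range(max_rounds + 1):
        if has_traversal(current):
            return depth
        decoded = unquote(current)
        if decoded == current:  # fully decoded, nothing left to unwrap
            return None
        current = decoded
    return None


def scan(paths):
    """Return (path, depth) for every path hiding traversal behind 2+ decodes."""
    findings = []
    for path in paths:
        depth = decode_depth(path)
        if depth is not None and depth >= 2:
            findings.append((path, depth))
    return findings


if __name__ == "__main__":
    for path, depth in scan(SAMPLE_PATHS):
        print(f"decode depth {depth}: {path}")
```

Both sequences from the message are reported at depth 2, while the benign nested percent sign is not flagged because no `..` segment ever appears.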