Penetration Testing mailing list archives
Re: iXsecurity.tool.briiis.3.02
From: Alex Butcher <alex () s3 integralis co uk>
Date: Fri, 15 Jun 2001 12:09:22 +0100
ian.vitek () ixsecurity com wrote:
> iXsecurity Security Tool Release
> briiis.pl v3.02
> ================
>
> Tool Description
> ------------
> Briiis is a tool for testing web servers for "/" encoding break out from
> web root vulnerability from an executable directory. E.g. IIS Unicode and
> double encoding vulnerabilities.

It's also worth remembering that Exchange uses IIS to provide Outlook Web Access and that this (always?) makes the /exchange path a script directory. It would appear that these hosts often get overlooked when the patch monkey is instructed to hotfix "all our IIS servers" :)

Kudos to the author of the IIS unicode plugin in Nessus for pointing this out to me. :)

Best Regards,
Alex.
--
Alex Butcher                                      PGP/GnuPG Key IDs:
Consultant, S3 Systems Security Services          alex@s3        B7709088
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp  alex.butcher@  885BA6CE
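
As an added example (not part of the original post or of briiis), a log check for the encoded "/" requests the tool description refers to, watching /exchange alongside the default /scripts directory as the reply suggests. The log format, sample lines and function names are constructed, and it assumes the log records the request URI exactly as the client sent it.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: executable directories to watch. /exchange comes from the post;
# /scripts is the IIS default. Extend per host.
SCRIPT_DIRS = ("/scripts/", "/exchange/")
PCT = re.compile(rb"%[0-9a-fA-F]{2}")

# Constructed sample lines: client-ip method raw-uri status
SAMPLE_LOG = """\
192.0.2.10 GET /exchange/user/Inbox/Status%20report.EML 200
192.0.2.44 GET /exchange/..%c0%af../placeholder.exe 404
192.0.2.44 GET /scripts/..%255c../placeholder.exe 404
192.0.2.77 GET /default.htm 200
"""

def has_overlong(raw: bytes) -> bool:
    """True if raw holds a non-shortest-form (overlong) UTF-8 sequence."""
    for i, b in enumerate(raw):
        nxt = raw[i + 1] if i + 1 < len(raw) else 0
        if b in (0xC0, 0xC1):  # 2-byte encodings of code points below U+0080
            return True
        if (b == 0xE0 and 0x80 <= nxt <= 0x9F) or (b == 0xF0 and 0x80 <= nxt <= 0x8F):
            return True  # 3- and 4-byte overlong forms
    return False

def classify(uri: str) -> list:
    """Return the encoding anomalies found in a request to a script directory."""
    path = uri.split("?", 1)[0]
    if not path.lower().startswith(SCRIPT_DIRS):
        return []
    once = unquote_to_bytes(path)  # decode exactly one layer
    findings = []
    if has_overlong(once):
        findings.append("overlong-utf8")
    if PCT.search(once):  # an escape survives one decode: it was encoded twice
        findings.append("double-encoded")
    return findings

def scan(log: str) -> list:
    """Return (client-ip, uri, findings) for each suspicious log line."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and classify(parts[2]):
            hits.append((parts[0], parts[2], classify(parts[2])))
    return hits

if __name__ == "__main__":
    for ip, uri, found in scan(SAMPLE_LOG):
        print(ip, uri, ",".join(found))
```
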