Vulnerability Development mailing list archives

Re: [unicode / iis4]

From: Marco van Berkum <m.v.berkum () obit nl>
Date: Tue, 9 Jan 2001 09:19:55 +0100

Tim H wrote:

Hi All,
A lot of these attacks assume that the web directory is on the same drive as
the system and that the system is in the winnt directory.  If neither if
these conditions are true, is this exploit still reasonable?

Thanks,
Tim


I have been reading this discussion for some while now...

I find it very hard to believe that some ppl still dont know how

to exploit this incredibly easy and very common bug.

Read my article regarding this bug on:

http://ws.obit.nl/nt.txt

grtz,

Marco van Berkum

--
Sex is like hacking. You get in, you get out,
and you hope you didn't leave something behind
that can be traced back to you.

Marco van Berkum, System Operator/Security Analyst OBIT b.v.
RIPEHANDLE: MB17300-RIPE

Current thread:

Re: [unicode / iis4] white hat eagle (Jan 07)
- <Possible follow-ups>
- Re: [unicode / iis4] Tim H (Jan 08)
  - Re: [unicode / iis4] Marco van Berkum (Jan 09)
  - Re: [unicode / iis4] Ryan Yagatich (Jan 09)
    - Re: [unicode / iis4]PLEASE HELP ME. Fabrizio Siciliano (Jan 24)
- Re: [unicode / iis4] Wertheimer, Ishai (Jan 10)
  - Re: [unicode / iis4] Marco van Berkum (Jan 11)
- Re: [unicode / iis4] Wertheimer, Ishai (Jan 11)