Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Unicode exploit - version 2

From: Roelof Temmingh <roelof () SENSEPOST COM>
Date: Thu, 26 Oct 2000 12:12:14 +0200
All,

http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=1806 applies:

After the discussion on Bugtraq et al on the IIS Unicode flaw, this PERL
script will check the existance of an 'alternative' cmd.exe, and pass all
commands to the alternative shell, or creates it if it does not exists - making
redirection of commands possible.

Credit to all that contributed.

Greetings,
Roelof.

------------------------------------------------------
Roelof W Temmingh               SensePost IT security
roelof () sensepost com         +27 83 448 6996
                http://www.sensepost.com

Attachment: unicodexecute2.pl
Description:

Previous By Date Next
Previous By Thread Next

Current thread: