Full Disclosure mailing list archives
IIS double UTF decoding bug (old) exploit: IIS explorer
From: full-disclosure () lists netsys com (Matthew S. Hallacy)
Date: Thu, 11 Jul 2002 12:04:14 -0500
On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote:
Since it looks like we are going to have tools to test holes, the policy of only releasing ones designing to test your own system for flaws, needs to be in. As Berend says we don't need to make it any easier for script kiddies.
Unfortunately the exploits that are found on the rooted box are pretty much never anti-script kiddie, and the problem with subtle breakage of remote scripts is that it makes it very hard for joe-blow network admin to prove that there /is/ a vulnerability to the people he has to okay a maintenance window with. [snip]
Steve Szmidt
-- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Current thread:
- IIS double UTF decoding bug (old) exploit: IIS explorer Berend-Jan Wever (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Erik Fichtner (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Matthew S. Hallacy (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)