Full Disclosure mailing list archives
IIS double UTF decoding bug (old) exploit: IIS explorer
From: full-disclosure () lists netsys com (Steve)
Date: Thu, 11 Jul 2002 11:00:47 -0600
So how hard is it going to be to take a tool/script that only tests localhost and modify it to test other hosts? There is really no point in forcing localhost as it won't stop anyone. Regards; Steve Manzuik Founder & Technical Lead Entrench Technologies www.entrenchtech.com Moderator - VulnWatch www.vulnwatch.org www.csicon.net ----- Original Message ----- From: "Steve" <steve () videogroup com> To: <full-disclosure () lists netsys com> Sent: Thursday, July 11, 2002 10:26 AM Subject: Re: [Full-disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer
On Thursday 11 July 2002 11:28 am, you wrote:(Ok, it's an old bug but since a lot of non-geeks seem to hate updating their IIS, there still are plenty of valid targets for this exploit.) -- SCRIPT KIDDIE COMPATIBLE EXPLOIT ATTACHED -- The attached file IISexploere.php is my "SCRIPT KIDDIE COMPATIBLE"
exploit
for the double urldecoding bug in IIS. (It's a modified version of PHPexplorer, also written by yours truly ;)<snip>Berend-Jan Wever aka SkyLined http:/spoor12.edup.tudelft.nl .Since it looks like we are going to have tools to test holes, the policy
of
only releasing ones designing to test your own system for flaws, needs to
be
in. As Berend says we don't need to make it any easier for script kiddies. Also, this list is going to have script kiddies on it so people needs to
be
kept aware of not posting specifics about their network which can then be used to root them. Too often I see people giving out all sorts of
information
about their network on lists thinking there are only white hats on it. -- Steve Szmidt V.P. Information Technology Video Group Distributors, Inc. _______________________________________________ Full-Disclosure mailing list Full-Disclosure () lists netsys com http://lists.netsys.com/mailman/listinfo/full-disclosure
Current thread:
- IIS double UTF decoding bug (old) exploit: IIS explorer Berend-Jan Wever (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Erik Fichtner (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Matthew S. Hallacy (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)