Proxy-based Unicode Scanner / Anonymous

["Loyal Moses" <loyal () budlight com>]

Hey, hey! 

http://www.sec33.com/webtools/unicode 

Interestingly enough it was only suppose to be a php script that ran a test 
for Unicode via the web. Mostly so I could do some remote testing from just 
about any system with a browser. 

Well, ... it then became a php script that utilizes any web-proxy on any 
port. So you can route your unicode test from just about anywhere. 

Well after that, I figured I would just incorporate several directory 
structures both standard and non-standard mixed with all the variations of 
the exploit and it added up to around 40 or more. I only have 29 on the web, 
but I've tested the scripts on my clients and while other checks come up 
negative.. This one seems to do the trick. 

If anyone has any ideas or a list of their versions of the exploit I would 
like to take a look. 

Thanks, 

./lm 


_______________________________________________________________
Get your FREE Bud Light e-mail account at http://budlight.com 
Bud Light E-Mail must be used responsibly and only is for consumers 21 years of age and older!
 
 

Disclaimer: Neither Anheuser-Busch, Inc. (the makers of BUD LIGHT beer) nor the operator of this E-Mail service or 
their respective affiliates have seen, endorsed or approved any of the content in this e-mail and expressly disclaim 
all liability for the content in whole and in part.