Vulnerability Development mailing list archives
Re: [unicode / iis4]
From: "Wertheimer, Ishai" <iwertheimer () KPMG COM>
Date: Wed, 10 Jan 2001 08:59:59 -0500
I'm not sure why Marco insists on this, since in many cases I found it not working. Here is an example: when trying to figure out which directory I'm going to, I tried the IDQ extension and got:

File E:\Somedirectory\docroot\msadc\..\..\..\..\..\..\..\..\..\..\winnt\system32\ test.idq

So the msadc directory isn't always directing to sysroot.

Cheers,
Ishai Wertheimer

-----Original Message-----
From: Marco van Berkum [SMTP:m.v.berkum () obit nl]
Sent: ? 09 ????? 2001 10:20
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: [unicode / iis4]

Tim H wrote:

> Hi All,
> A lot of these attacks assume that the web directory is on the same drive as
> the system and that the system is in the winnt directory. If neither of
> these conditions is true, is this exploit still reasonable?
>
> Thanks,
> Tim

I have been reading this discussion for some while now... I find it very hard to believe that some ppl still don't know how to exploit this incredibly easy and very common bug. Read my article regarding this bug on: http://ws.obit.nl/nt.txt

grtz,
Marco van Berkum

--
Sex is like hacking. You get in, you get out, and you hope you didn't leave something behind that can be traced back to you.

Marco van Berkum, System Operator/Security Analyst
OBIT b.v.
RIPEHANDLE: MB17300-RIPE

*****************************************************************************
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.
*****************************************************************************
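Added example, not part of the original message or of any poster's code: it resolves the path from the IDQ error quoted above to show that the `..` segments stop at the root of drive E:, then audits a virtual-directory inventory for content that shares a volume with the system root. The inventory, the `C:\WINNT` system root and all function names are constructed for illustration.

```python
import ntpath


def resolve(path):
    """Collapse '.' and '..' segments Windows-style.

    For an absolute path, surplus '..' segments are discarded at the drive
    root, so the result always stays on the drive the path started on.
    """
    return ntpath.normpath(path)


def volume(path):
    """Drive component of a Windows path, upper-cased (for example 'E:')."""
    return ntpath.splitdrive(path)[0].upper()


def shares_system_volume(physical_path, system_root):
    """True when the content directory lives on the same drive as the system root."""
    return volume(resolve(physical_path)) == volume(system_root)


def audit(vdirs, system_root):
    """Names of virtual directories whose content sits on the system volume."""
    return sorted(name for name, path in vdirs.items()
                  if shares_system_volume(path, system_root))


# Path as reported in the IDQ error in the message (repeated '..' segments).
REPORTED = ("E:\\Somedirectory\\docroot\\msadc" + "\\.." * 10
            + "\\winnt\\system32\\test.idq")

# Constructed inventory: /msadc uses the location from the message,
# /scripts and SYSTEM_ROOT are assumed values for the comparison.
VDIRS = {
    "/msadc": "E:\\Somedirectory\\docroot\\msadc",
    "/scripts": "C:\\Inetpub\\scripts",
}
SYSTEM_ROOT = "C:\\WINNT"

if __name__ == "__main__":
    print("resolved:", resolve(REPORTED))
    print("on system volume:", audit(VDIRS, SYSTEM_ROOT))
```

This models only the drive-boundary behaviour seen in the error message; moving content off the system volume does not replace patching the server.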
Current thread:
- Re: [unicode / iis4] white hat eagle (Jan 07)
- <Possible follow-ups>
- Re: [unicode / iis4] Tim H (Jan 08)
- Re: [unicode / iis4] Marco van Berkum (Jan 09)
- Re: [unicode / iis4] Ryan Yagatich (Jan 09)
- Re: [unicode / iis4]PLEASE HELP ME. Fabrizio Siciliano (Jan 24)
- Re: [unicode / iis4] Wertheimer, Ishai (Jan 10)
- Re: [unicode / iis4] Marco van Berkum (Jan 11)
- Re: [unicode / iis4] Wertheimer, Ishai (Jan 11)