Vulnerability Development mailing list archives

Re: Question Regarding new IIS escaped char exp.


From: H D Moore <hdm () secureaustin com>
Date: Mon, 21 May 2001 05:11:31 -0500

On Thursday 17 May 2001 01:03 pm, w1re p4ir wrote:
> Ello all,
> If an IIS machine is patched against the Unicode Attack that was released
> many months ago... Does this exploit work? I haven't really been able to
> test it on a machine that ISN'T nt4.0 sp6/a. Anyone have any ideas? -wire

Yes it would work.  The new one also affects IIS 3.0, which was previously 
unexploitable (?) after the sample files had been removed.  I updated the 
unicoder.pl tool to use the new decode sequences and added an interactive 
mode per request (command shell).  A few new directories were added, which 
should make exploiting IIS 5.0 and OWA machines easier. You can grab the 
latest copy from:

http://www.digitaloffense.net/csw/unicoder.pl

-HD

