[20688] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

UNICODE2 (2708)

daemon@ATHENA.MIT.EDU (Security COnfera)
Thu May 17 04:25:26 2001

From: "Security COnfera" <honza.dforum@atlas.cz>
To: "Bugtraq List" <BUGTRAQ@securityfocus.com>
Date: Wed, 16 May 2001 21:55:49 +0200
Message-ID: <MABBKNADCCICHEMKLNDPMEGMCGAA.honza.dforum@atlas.cz>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all


I tested Microsoft IIS CGI Filename Decode Error Vulnerability
on Personal Web Server v1.0 and v3.0 on win98 and is vulnerable.

i use /scripts/..%255c..%255c

and
 %%35c , %%35%63 , %25%35%63 

Kachlik Jan


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOwJLZCBUZIferCyJEQKALwCgoPa9XX7UjbcSiWDmbjQTTvaAz2sAoJhR
ejDh3ZByrXLmd6b4j++76s6O
=7++w
-----END PGP SIGNATURE-----


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20688] in bugtraq

UNICODE2 (2708)

daemon@ATHENA.MIT.EDU (Security COnfera)Thu May 17 04:25:26 2001

daemon@ATHENA.MIT.EDU (Security COnfera)
Thu May 17 04:25:26 2001