[22685] in bugtraq
Re: New vulnerability in IIS4.0/5.0
daemon@ATHENA.MIT.EDU (=?iso-8859-1?q?C=E9sar=20Gonz=E1le)
Wed Sep 19 20:07:33 2001
Message-Id: <200109192130.f8JLUgj15852@bolo.sytes.net>
Content-Type: text/plain;
charset="iso-8859-1"
From: =?iso-8859-1?q?C=E9sar=20Gonz=E1lez?= <cesar@eureka-sistemas.com>
To: Bugtraq@securityfocus.com
Date: Wed, 19 Sep 2001 23:30:42 +0200
In-Reply-To: <Pine.GSO.4.30.0109191127570.19628-100000@mail>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
>
> Has anyone managed to exploit a patched system?
I have tested the vulnerability on a patched Spanish version of W2k, 100% free of
the UNICODE vulnerability. I can't exploit anything, but there is a difference
between an attack with the UNICODE representation and the UTF one. Look:
With UNICODE :
HTTP/1.1 404 Objeto no encontrado
Server: Microsoft-IIS/5.0
Date: Wed, 19 Sep 2001 21:15:31 GMT
Content-Length: 3404
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
.....
.....
..... the usual not found page.....
with UTF :
HTTP/1.1 500 Error del servidor
Server: Microsoft-IIS/5.0
Date: Wed, 19 Sep 2001 21:16:29 GMT
Content-Type: text/html
Content-Length: 88
<html><head><title>Error</title></head><body>El parámetro no es correcto.
</body></html>
I get "The parameter is incorrect" as the response.
Note the HTTP/1.1 500 (Server Error), as opposed to the previous HTTP/1.1 404
(not found).
Strange....
Other experiences?
César González Revilla
Eureka Sistemas S.L.
C/ San Fernando 16 bajo
39010 Santander
http://www.eureka-sistemas.com/
cesar@eureka-sistemas.com