From: Filip Maertens (filipsecurax.be)
Date: Wed May 16 2001 - 02:57:19 CDT

    A few remarks,

    The following topics tackle some comments being made through private
    e-mail. Just clarification.

    NOT UNICODE - This is not 100% unicode we are talking about. This is
    the vulnerability as discovered by NSFOCUS Security
    Advisory(SA2001-02). This has been documented by Microsoft as being
    MS01-026 or to be found at the CERT ( CERT® Advisory CA-2001-12 ).
    Please read the history in the advisory to get a full update on the
    whereabouts of this vulnerability. This five-minute code snippet is
    meant to provide an easy to use testing interface for your IIS
    webservers. Nothing more, nothing less.

    CRIPPLED : Seems I've been sending the backup-code I had on my Windows
    machine instead of the working one on my OpenBSD testing machine. It
    will spit out an error code; everyone with even pre-basic C
    knowledge will know how to solve this, however, simply put brackets on
    the if instruction like this:

      /* Only echo the reply when the first chunk did not contain a 404. */
      if ( strstr(recvbuffer, "404") == NULL ) {
            /* Read the rest of the reply one byte at a time and print it. */
            while ( recv(create_socket, recvbuffer, 1, 0) > 0 ) {
                  printf("%c", recvbuffer[0]);
            }
      } else {
            printf(" -- Wrong command processing. \n");
      }

    PROOF OF CONCEPT - Tool or weapon? I guess everyone gets these
    discussions now and then, and I don't even want to go that way. The
    advisory is very clear, the patch is there... I do not see any harm in
    having a quick'n'dirty interface for this vulnerability on this
    advisory. Mind you, anyone with a netcat can pull off the exact same
    thing. Hence the fact it's even a waste of time wasting C on this one,
    but it just happened I had to write this one for testing purposes on our
    own IIS testing machines, and I didn't feel like opening a netcat
    connection and manually typing the GET request. There is no logic, I
    know... :-)

    Cheers,
    </filip>
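The snippet above decides "not a 404" by running strstr over whatever the first recv() happened to return and then echoes the reply one byte at a time. As an added example (this is not Filip's code and not part of the posted tool), the block below shows the more robust shape a checker of this kind wants: read the whole reply from a descriptor in chunks, then take the status code from the HTTP status line only, so a "404" that appears in a header or the body cannot be mistaken for the server's verdict. The sample responses and the pipe-based round trip are constructed for the demonstration; nothing here builds or sends the request from the advisory.

```c
/* Added example, not from the original post: parse the HTTP status line
 * instead of searching the whole buffer for "404". The sample responses
 * below are constructed; the round-trip helper feeds one through a pipe so
 * the code runs offline. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read everything from fd until EOF into a NUL-terminated, heap-allocated
 * buffer. Reads in chunks (not one byte per call) and keeps the data so it
 * can be inspected afterwards. Returns NULL on error; caller frees. */
char *read_all(int fd) {
    size_t cap = 4096, len = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        if (len + 1 >= cap) {
            cap *= 2;
            char *tmp = realloc(buf, cap);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp;
        }
        ssize_t n = read(fd, buf + len, cap - len - 1);
        if (n < 0) { free(buf); return NULL; }
        if (n == 0) break;
        len += (size_t)n;
    }
    buf[len] = '\0';
    return buf;
}

/* Return the numeric status code from the first line of an HTTP/1.x
 * response ("HTTP/1.1 404 Object Not Found"), or -1 if the status line is
 * malformed. Only the status line is consulted, so a "404" later in a
 * header or in the body is ignored. */
int http_status_code(const char *response) {
    if (strncmp(response, "HTTP/", 5) != 0) return -1;
    const char *sp = strchr(response, ' ');
    const char *eol = strpbrk(response, "\r\n");
    if (!sp || (eol && sp > eol)) return -1;
    char *end;
    long code = strtol(sp + 1, &end, 10);
    if (end == sp + 1 || code < 100 || code > 599) return -1;
    if (*end != ' ' && *end != '\r' && *end != '\n' && *end != '\0') return -1;
    return (int)code;
}

/* The decision the original snippet was trying to make: did the server
 * answer with something other than a 404? Malformed replies count as "no". */
int response_is_not_404(const char *response) {
    int code = http_status_code(response);
    return code != -1 && code != 404;
}

/* Constructed sample responses (not captured traffic). The second one
 * carries "404" in a header and in the body but is really a 200. */
static const char SAMPLE_404[] =
    "HTTP/1.1 404 Object Not Found\r\nServer: Microsoft-IIS/5.0\r\n\r\n";
static const char SAMPLE_200_WITH_404_IN_BODY[] =
    "HTTP/1.1 200 OK\r\nContent-Length: 404\r\n\r\n<html>404 is not the status</html>";

/* Push a sample through a pipe and read it back with read_all(), returning
 * the parsed status code (or -1 on any failure). */
int demo_roundtrip(const char *sample) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], sample, strlen(sample)) < 0) { close(fds[0]); close(fds[1]); return -1; }
    close(fds[1]);
    char *resp = read_all(fds[0]);
    close(fds[0]);
    if (!resp) return -1;
    int code = http_status_code(resp);
    free(resp);
    return code;
}

int main(void) {
    const char *s = SAMPLE_200_WITH_404_IN_BODY;
    printf("status line says %d; strstr(\"404\") %s\n", demo_roundtrip(s),
           strstr(s, "404") ? "matches anyway" : "no match");
    return 0;
}
```

Run against the second sample, the strstr check from the post would report a 404 while the status line is a 200; checking the status line alone is what keeps a quick tester like this from misreporting a server's reply.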