Subject: Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?)
From: Robert A. Seace (ras SLARTIBARTFAST.MAGRATHEA.COM)
Date: Fri Oct 27 2000 - 05:40:38 CDT
In the profound words of Ryan Yagatich:
>
> Summary of IIS 4.0/5.0 Unicode thread (end of thread?)
>
[very good summary snipped...]
>
> Also, you can set up a tftp server on your box, and tftp the
> file/trojan in which you are attempting to run. (netcat anyone?) All you
> have to do is set up the command string, the same way.
Another way to transfer files would be "rcp", if you find
it easier to set up "in.rshd" on your server... (At least,
the NT machine I saw had an "rcp.exe" client installed in
"\winnt\system32\"... Not sure how standard that is...)
> Protection:
> There are multiple ways of getting around this. First of all, your webroot
> is the key. (So far) it has been shown that this code will only execute if
> the /winnt directory is located in the same as the webroot directory...
Is that true? I thought the point behind the "msadc" variation
was that it removed that limitation... Because, as far as I can see,
the location of the "msadc" directory is actually
"C:\Program Files\Common Files\system\msadc" (on at least this
test system I'm using)... (Just do a "dir", without the "+c:\", and
it'll show you the directory name...) So, even if the web root were
elsewhere, as long as "Program Files" was on the same drive as "winnt",
it should work... (I'm just speculating, here... Someone with
more definitive info should definitely speak up...)
--
||========================================================================||
|| Rob Seace     || URL                            || rasmagrathea.com    ||
|| AKA: Agrajag  || http://www.magrathea.com/~ras/ || rob wordstock.com   ||
||========================================================================||
"What do you mean, you've never been to Alpha Centauri? For heaven's sake,
mankind, it's only four light-years away, you know." - THGTTG
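
The drive-placement question raised in this message can be checked as a configuration audit. The following is an added example, not part of the original post: it flags virtual directories whose physical path shares a volume with the system directory. The `execute_allowed` field and every sample mapping except the "msadc" path quoted above are constructed assumptions.

```python
import ntpath

def volume_of(path):
    """Return the lower-cased drive or UNC share of a Windows path ('' if none)."""
    drive, _ = ntpath.splitdrive(path.strip().strip('"'))
    return drive.lower()

def audit_vdirs(vdirs, system_root):
    """Flag virtual directories stored on the same volume as system_root.

    vdirs maps a virtual directory name to (physical_path, execute_allowed);
    execute_allowed is a hypothetical flag for script/execute permission.
    """
    sys_vol = volume_of(system_root)
    findings = []
    for name, (path, execute_allowed) in sorted(vdirs.items()):
        vol = volume_of(path)
        if not vol:
            # A path without a drive cannot be placed; a human has to resolve it.
            findings.append((name, "unknown", "no drive in path, resolve manually"))
        elif vol == sys_vol and execute_allowed:
            findings.append((name, "exposed", f"executable, shares {vol} with {system_root}"))
        elif vol == sys_vol:
            findings.append((name, "review", f"shares {vol} with {system_root}, no execute"))
    return findings

# Constructed sample mappings: the web root was moved to D:, but "/msadc"
# still points at the path quoted in the message above.
SAMPLE_VDIRS = {
    "/": (r"D:\Inetpub\wwwroot", False),
    "/scripts": (r"D:\Inetpub\scripts", True),
    "/msadc": (r"C:\Program Files\Common Files\system\msadc", True),
    "/images": (r"c:\webimages", False),
    "/legacy": (r"\data\old", False),
}

if __name__ == "__main__":
    for name, status, why in audit_vdirs(SAMPLE_VDIRS, r"C:\WINNT"):
        print(f"{name:10} {status:8} {why}")
```

With the sample mappings, moving the web root to another drive leaves "/msadc" flagged, which is the situation the message speculates about.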