[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00410] Re: IIS CGI Filename Decode Error Vulnerability

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00410] Re: IIS CGI Filename Decode Error Vulnerability
From: Seiichi Nakashima <nakasei@xxxxxxxxxxxx>
Date: Thu, 17 May 2001 08:42:48 +0900

$B!!!!!!(B $B!V<-=qGc$&$N$b$C$?$$$J$$$7!"$$$A$$$A<-=q$a$/$k$NLLE]$@$J!A!W!!!!!!(B 
(B
$B!!!!!!!!!!!!!!!!!!!!!!!!$=$s$J;~$O%$%s%U%)%7!<%/!*!!!!!!!!!!!!!!!!!!!!!!!!(B
$B!!!!!!!!!V1QOB<-E5!W!VOB1Q<-E5!W!V9q8l<-E5!W%5!<%S%9$O$8$a$^$7$?!#!!!!!!!!(B
$B!!!!!!!!!!!!!!!!(B  http://jiten.infoseek.co.jp/?svx=971128 $B!!!!!!!!!!!!!!!!(B
(B------------------------------------------------------------------------
(B
(B
$BCfEg$G$9!#(B
(B
(Bbugtraq$B$GN.$l$F$$$?$N$G$9$,!"(BIIS$B$@$1$G$J$/(BMail$B4D6-$bCm0U$,I,MW$J$h$&$G$9!#(B
(B
(B======
(B
(Byehuda $B$5$s$O=q$-$^$7$?(B:
(B>	This may be obvious, but even if a server is not accessible to the
(B>internet, you can exploit it via email. All you need is the following
(B>information:
(B>
(B>> 1 - an email address on their network. It must be one that someone will
(B>> read, and the person must be using a reader that renders html mail.
(B>> 2 - the hostname or IP of the win2k server
(B>> 
(B>> all you need to do is craft an html email to your mail user (see 1 above)
(B>> with the %25c double-parse vulnerability as a url in the mail message.
(B>> (Use an img tag so it will run automatically and attempt to download an
(B>> "image".)
(B>> 
(B>> user reads the message, and blammo!
(B>> 
(B>	if an administrator feels he doesn't need to patch his win2k server
(B>because it's not available on the internet, think again.
(B>
(B
(B------------------------------
(B Name   : Seiichi Nakashima
(B E-Mail : nakasei@xxxxxxxxxxxx
(B------------------------------
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$khttp://www.infoseek.co.jp/GHome?pg=gn_top.html&svx=971122

Follow-Ups:
- [stalk:00413] Re: IIS CGI Filename Decode Error Vulnerability
  - From: TAKAGI, Hiromitsu

References:
- [stalk:00409] Re: IIS CGI Filename Decode Error Vulnerability
  - From: Shin

Prev by Date: [stalk:00409] Re: IIS CGI Filename Decode Error Vulnerability
Next by Date: [stalk:00411] [FYI] FireWall Defenders $B%a%$%j%s%0%j%9%H$N%"!<%+%$(B$B%V!":G4|$N8x3+Cf(B
Previous by thread: [stalk:00409] Re: IIS CGI Filename Decode Error Vulnerability
Next by thread: [stalk:00413] Re: IIS CGI Filename Decode Error Vulnerability
Index(es):
- Date
- Thread