[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer
Matthew S. Hallacy
poptix at techmonkeys.org
Thu Jul 11 18:04:14 BST 2002
On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote:
> Since it looks like we are going to have tools to test holes, the policy of
> only releasing ones designing to test your own system for flaws, needs to be
> in. As Berend says we don't need to make it any easier for script kiddies.
>
Unfortunately the exploits that are found on the rooted box are pretty
much never anti-script kiddie, and the problem with subtle breakage of
remote scripts is that it makes it very hard for joe-blow network admin
to prove that there /is/ a vulnerability to the people he has to okay
a maintenance window with.
[snip]
> Steve Szmidt
--
Matthew S. Hallacy FUBAR, LART, BOFH Certified
http://www.poptix.net GPG public key 0x01938203
Full-Disclosure is hosted and sponsored by Secunia.