IIS UNICODE Information

Exploits:

Articles

font size: decrease font size increase font size
Rate this article
View Comments
Related content

By default, IIS check the URL you ask and see if there is a ..\.. in it. If it find it, it's
mean that someone try to acces up directory. It is possible, but normaly you can't acces up
to the root of the defined public web acces directory. So IIS will stop you if you try for
example :
HTTP://www.server.com/../../../file.txt
The Tricks is to code the / or \ with it's UNICODE value, with this, IIS won't see it, and
will let you go up the root web directory.
Here you can Find the Official "U.W.D" UNICODE SCANNER
Step ONE
Download it ;)
Step TWO
- Run a DOS Command window - Go to the directory you downloaded it -
STEP THREE
C:\> uwd.exe startip endip your_nick
E.G : C:\> uwd.exe 127.0.0.1 127.0.0.255 AloneTrio
Doing this, the UWD scanner will try the unicode 'Tricks' on all server between Startip and
Endip. It create a report file called uwd.txt in the same directory

Written on Saturday, 03 October 2009 16:10 by GSO

Viewed 163 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking Articles Network Security & Hacking Articles / Subscribe to the RSS feed of Legacy Security Articles Legacy Security Articles

Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on Linux posted on Monday, 29 November 1999 16:00
Re: /proc filesystem allows bypassing directory permissions on Linux
Vuln: IBM Lotus Connections Mobile Activities Pages Cross Site Scripting Vulnerability posted on Monday, 26 October 2009 12:00
IBM Lotus Connections Mobile Activities Pages Cross Site Scripting Vulnerability
Bugtraq: Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow. posted on Monday, 29 November 1999 16:00
Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
Bugtraq: Rising Multiple Products Local Privilege Escalation Vulnerability posted on Monday, 29 November 1999 16:00
Rising Multiple Products Local Privilege Escalation Vulnerability
Bugtraq: {PRL} Rising Firewall 2009 Privilege Escalation posted on Monday, 29 November 1999 16:00
{PRL} Rising Firewall 2009 Privilege Escalation

Latest 'tweets' from GovernmentSecurity

News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38

blog comments powered by Disqus

back to top

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

Site Search

Login Form

Disqus Tools