Error
  • JFile::read: Unable to open file: 'http://tinyurl.com/api-create.php?url=http://www.governmentsecurity.org/index.php?option=com_content&Itemid=90&catid=43&id=118&lang=en&view=article'
IIS UNICODE Information
There is a lot of servers that are using IIS (Web server software from Micro$oft). This Web server, (like all software) have hole, that can be used to gain access to the system. Gain access mean you can errase, modify, create, files on it. The most famous and used exploit on IIS is the 'UNICODE HOLE'.

 

By default, IIS check the URL you ask and see if there is a ..\.. in it. If it find it, it's 
mean that someone try to acces up directory. It is possible, but normaly you can't acces up
to the root of the defined public web acces directory. So IIS will stop you if you try for
example : 
HTTP://www.server.com/../../../file.txt
The Tricks is to code the / or \ with it's UNICODE value, with this, IIS won't see it, and 
will let you go up the root web directory.
Here you can Find the Official "U.W.D" UNICODE SCANNER 
Step ONE 
Download it ;) 
Step TWO 
- Run a DOS Command window - Go to the directory you downloaded it -
STEP THREE 
C:\> uwd.exe startip endip your_nick 
E.G : C:\> uwd.exe 127.0.0.1 127.0.0.255 AloneTrio 
Doing this, the UWD scanner will try the unicode 'Tricks' on all server between Startip and 
Endip. It create a report file called uwd.txt in the same directory

GSO
Written on Saturday, 03 October 2009 16:10 by GSO

Viewed 440 times so far.
Like this? Tweet it to your followers!
Published in Subscribe to the RSS feed of Network Security & Hacking Articles  Network Security & Hacking Articles / Subscribe to the RSS feed of Legacy Security Articles  Legacy Security Articles
Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

blog comments powered by Disqus
back to top
 

Our Sponsors

Shoutcast Streams | Internet Radio HOSTINGLitespeed Web HostingIRC | IRCd | Internet Relay Chat HostingEarn Recurring Income

Member Login