[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer
From: Matthew S. Hallacy (full-disclosure@lists.netsys.com)
Date: 07/11/02
- Next message: Steve: "[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer"
- Previous message: Matthew S. Hallacy: "[Full-Disclosure] Re: Announcing new security mailing list"
- In reply to: Steve: "[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer"
- Next in thread: Steve: "[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: full-disclosure@lists.netsys.com (Matthew S. Hallacy) Date: Thu, 11 Jul 2002 12:04:14 -0500
On Thu, Jul 11, 2002 at 12:26:56PM -0400, Steve wrote:
> Since it looks like we are going to have tools to test holes, the policy of
> only releasing ones designing to test your own system for flaws, needs to be
> in. As Berend says we don't need to make it any easier for script kiddies.
>
Unfortunately the exploits that are found on the rooted box are pretty
much never anti-script kiddie, and the problem with subtle breakage of
remote scripts is that it makes it very hard for joe-blow network admin
to prove that there /is/ a vulnerability to the people he has to okay
a maintenance window with.
[snip]
> Steve Szmidt
-- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
- Next message: Steve: "[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer"
- Previous message: Matthew S. Hallacy: "[Full-Disclosure] Re: Announcing new security mailing list"
- In reply to: Steve: "[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer"
- Next in thread: Steve: "[Full-Disclosure] IIS double UTF decoding bug (old) exploit: IIS explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
