RE: Testing Of Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
From: Thor Larholm (Thor@jubii.dk)
Date: 04/13/02
From: Thor Larholm <Thor@jubii.dk>
To: 'Brett Moore ' <brett@softwarecreations.co.nz>, 'Vuln-Dev ' <vuln-dev@securityfocus.com>, "'incidents@securityfocus.com '" <incidents@securityfocus.com>, "'NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM '" <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Date: Sat, 13 Apr 2002 20:53:34 +0200

> From: Brett Moore
> Probably a more reliable and safe way of testing if this patch
> is installed or not, would be to test 1 of the css holes?

You could use the 404 CSS error to check if the server has the patch
installed. Make a request for some nonexistent page, e.g.
http://YOUR.TLD/3lkb54j6b4kjb6jk456bk45bk45jb, then read line 42 and
compare.

Not patched line 42:

    document.write( '<A HREF="' + escape(urlresult) + '">' +
    displayresult + "</a>");

Patched line 42:

    InsertElementAnchor(urlresult, displayresult);

Custom 404 page: Anything else. If they bothered to make a custom 404 page,
they probably also bothered to apply critical patches such as this one.

This is all demonstrated at http://jscript.dk/adv/TL001/, where a quick
survey of the "Simple" examples shows that hotmail.msn.com, passport.com and
lc2.law5.hotmail.passport.com are still unpatched. You may get different
results from testing, as they most likely run in a cluster.

Regards
Thor Larholm
Jubii A/S - Internet Programmer
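
The line-42 comparison described in the message, written out as an added Python example for checking a server you administer; it is not part of the original post. The function names and the sample pages are constructed for illustration, and accepting the unpatched statement when it continues onto line 43 is an assumption about how the served page may be laid out.

```python
import urllib.error
import urllib.request

# The two variants of line 42 of the stock IIS 404 page, as quoted in the message.
UNPATCHED = """document.write( '<A HREF="' + escape(urlresult) + '">' + displayresult + "</a>");"""
PATCHED = "InsertElementAnchor(urlresult, displayresult);"
LINE_NO = 42


def _squash(text):
    """Drop all whitespace so wrapping and indentation do not affect the match."""
    return "".join(text.split())


def classify_404(body):
    """Return 'patched', 'not patched' or 'custom 404' for a 404 response body."""
    lines = body.splitlines()
    # Line 42 plus the following line (assumption: the statement may be wrapped).
    window = _squash("".join(lines[LINE_NO - 1:LINE_NO + 1]))
    if _squash(PATCHED) in window:
        return "patched"
    if _squash(UNPATCHED) in window:
        return "not patched"
    # Per the message: anything else at that position is a custom error page.
    return "custom 404"


def fetch_404_body(url, timeout=10):
    """Request a nonexistent page on your own server and return the error body."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("latin-1")
    except urllib.error.HTTPError as err:
        # urllib raises on a 404; the error page is still readable from the exception.
        return err.read().decode("latin-1")


def sample_page(*tail):
    """Constructed test page: 41 filler lines, then the given lines from line 42 on."""
    return "\n".join(["<!-- filler -->"] * (LINE_NO - 1) + list(tail) + ["</html>"])


if __name__ == "__main__":
    for name, page in [("patched", sample_page(PATCHED)),
                       ("unpatched", sample_page(UNPATCHED)),
                       ("custom", sample_page("<h1>Page not found</h1>"))]:
        print(name, "->", classify_404(page))
```

A cluster can return different results per request, as the message notes, so one response describes only the node that answered.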