Re: Webhits.dll arbitrary file retrieval Vulnerability

From: Jian Hui Wang (jhwang@gosecure.ca)
Date: Thu Mar 03 2005 - 14:09:22 EST

Next message: Jian Hui Wang: "Java Code Review Template"
Previous message: Merrick, Carl: "HP BL30's and VLAN's"
Maybe in reply to: Maverick The Techie: "Webhits.dll arbitrary file retrieval Vulnerability"
Next in thread: H D Moore: "Re: Webhits.dll arbitrary file retrieval Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <55d0d8e305030223257757f25c@mail.gmail.com>

1) for Webhits.dll

It is possible that they patched the system but still have htw ISAPI mapping.

If you cannot exploit them, classify it as a false postive but do suggest your client unmapping the mapping.

2) For log

Put the link at browser and download it ( save it to your disk). Find a software to crack it.

Correct me if I am wrong.

Jian Hui Wang, M.Sc, CSE, CCSE, CCNA

Security Analyst

Gosecure Inc.

Venez consulter notre portail SecInfo pour les dernières nouvelles en sécurité:

http://www.gosecure.ca/SecInfo/index.html

Next message: Jian Hui Wang: "Java Code Review Template"
Previous message: Merrick, Carl: "HP BL30's and VLAN's"
Maybe in reply to: Maverick The Techie: "Webhits.dll arbitrary file retrieval Vulnerability"
Next in thread: H D Moore: "Re: Webhits.dll arbitrary file retrieval Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT