Hi all...
Just wanted to point out that while testing my Default installation of
Windows 98
running Microsoft Personal Web Server that came with the Windows98 SE CD
I discovered that the famous IIS 4/5 Unicode Directory Traversal
Vulnerability applies also to this Server just as bad as in IIS.
The exploit method is the same :
http://PWS-server/scripts/..%c1%9c../windows/notepad.exe
I wont go in to detail on how to exploit a Windows machine...
(Sorry script kiddies)...
Patches: Dunno.
Quickfixes: Use Linux.
Dinos Pastos - [EMAIL PROTECTED]
Security Advisor
