Hello Nick, Thursday, November 13, 2003, 3:14:40 AM, you wrote:
NJ> Has anyone even had any luck reproducing this? I can't for the life of NJ> me get a crash... NJ> -----Original Message----- NJ> From: Geo. NJ> Sent: Wed 11/12/2003 11:41 AM NJ> To: [EMAIL PROTECTED] NJ> Cc: NJ> Subject: RE: [Full-Disclosure] Frontpage Extensions Remote NJ> Command Execution NJ> >> NJ> Well, for one, it's not root level. It allows ANONYMOUS (Guest) NJ> access NJ> << NJ> No it's not, IWAM is Web Applications MANAGER account you were NJ> thinking of NJ> IUSR perhaps? This is not guest. This account can change NJ> websites so in a NJ> multi host environment this level of access will allow a NJ> compromise of every NJ> website on the server. NJ> Geo. (I'd call that root) NJ> _______________________________________________ NJ> Full-Disclosure - We believe in it. NJ> Charter: http://lists.netsys.com/full-disclosure-charter.html What i learned from this overflow was that there is a difference between sending 500 'A's and sending 500 'X's. sending 500 'A' even more doesn't trigger access violation on dllhost process. however if u send 500 'X's u'll get acces violation. well at least thats what i noticed. maybe i'm wrong. so sometimes sendin different strings might generate different results. -- Best regards, Adik mailto:[EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html