Utilization of IIS5 Unicode Code Vulnerability
2001-04-18.21: 43: 46
Name: IIS5 Unicode Encoding Vulnerabilities Utilization Http://www.cnhonker.com Honker Union of China must know that the scenery is a long time IIS5 Unicode encoding vulnerability. No way, the first tutorial doesn't know what to write, just join together, write this vulnerability attack experience. 1 Let's take a look at the principle of this vulnerability. In the Chinese version of IIS4, and ISS5, there is a bug because the Unicode encoding exists in Unicode encoding, found a strange encoding method, for example:% C1% HH% C0% HH (0x00 <= 0xHH <0x40) IIS encodes "% C1% HH" into (0xC1 -0xc0) * 0x40 0xHH. For example (Windows 2000 IIS 5.0 SP1 Simplified Chinese version): http://192.168.8.48/a.ida/