20 December 2008

Web Server Holes (Unicode)

There is a lot of servers that are using IIS (Web server software from Micro$oft). This Web
server, (like all software) have hole, that can be used to gain access to the system. Gain
access mean you can errase, modify, create, files on it. The most famous and used exploit
on IIS is the 'UNICODE HOLE'.


By default, IIS check the URL you ask and see if there is a ..\.. in it. If it find it, it's
mean that someone try to acces up directory. It is possible, but normaly you can't acces up
to the root of the defined public web acces directory. So IIS will stop you if you try for
example :
HTTP://www.server.com/../../../file.txt

The Tricks is to code the / or \ with it's UNICODE value, with this, IIS won't see it, and
will let you go up the root web directory.

Here you can Find the Official "U.W.D" UNICODE SCANNER

Step ONE
Download it ;)

Step TWO
- Run a DOS Command window - Go to the directory you downloaded it -

STEP THREE
C:\> uwd.exe startip endip your_nick
E.G : C:\> uwd.exe 127.0.0.1 127.0.0.255 AloneTrio

Doing this, the UWD scanner will try the unicode 'Tricks' on all server between Startip and
Endip. It create a report file called uwd.txt in the same directory.

Lifehacker