| ]

Subscribe to the RSS feed in case you are interested in updates



I wrote a small summary and facts about the recent IIS5&6 FTP 0day, note that te vulnerable part of the code can be reached without writing to a directory on IIS6 but that Stackcookies make exploitation impossible/unlikely.

More information :
http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html