Bugtraq mailing list archives
Re: CmdAsp.asp - What's your exposure?
From: Maceo <maceo () DOGMILE COM>
Date: Tue, 12 Dec 2000 15:16:18 -0700
What I failed to mention is that, because of the broken way IIS impersonates accounts, the cmd process will run as IWAM_COMPUTER or SYSTEM. In IIS 4.0 it depends upon whether or not you have chosen the "run in separate memory space" option. In IIS 5.0 it's the difference between Application Protection "Low" and Medium or High. This is significant because developers may not be aware they are executing code as SYSTEM, just because they spawned a shell.

-Maceo