Penetration Testing mailing list archives
[PEN-TEST] IIS %c1%1c remote command execution
From: Critical Watch Bugtraqqer <bugtraq () CRITICALWATCH COM>
Date: Thu, 19 Oct 2000 10:19:20 -0500
Hello all Been playing around with this vulnerability. Obviously anyone who has place thier inetpub directory on the system drive is in serious trouble. However, I haven't been able to find a use for this if the web site is on a separate drive. Ok, sure if there is a sample page that allows you to cruise around folders and look for interesting executables, or maybe perl.exe in the cgi-bin, you could use this exploit. But what else? Any thoughts? Thanks in advance, Nelson Bunker Critical Watch
Current thread:
- [PEN-TEST] IIS %c1%1c remote command execution Critical Watch Bugtraqqer (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Michael Katz (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Tom Vandepoel (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution David Wong (Oct 21)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Tom Vandepoel (Oct 19)
- <Possible follow-ups>
- Re: [PEN-TEST] IIS %c1%1c remote command execution Frank Knobbe (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Bobby, Paul (Oct 28)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Michael Katz (Oct 19)