Penetration Testing mailing list archives
Re: [PEN-TEST] IIS %c1%1c remote command execution
From: Michael Katz <mike () responsible com>
Date: Thu, 19 Oct 2000 09:01:24 -0700
On Thursday, October 19, 2000 8:19 AM, Critical Watch Bugtraqqer wrote:
> However, I haven't been able to find a use for this if the web site is on a separate drive. Ok, sure if there is a sample page that allows you to cruise around folders and look for interesting executables, or maybe perl.exe in the cgi-bin, you could use this exploit. But what else? Any thoughts?
You can get directory listings of any directory on any drive, including mapped drives, as well as read the contents of numerous files that you find - again, on any drive. I have confirmed this by successfully testing this exploit on vulnerable servers.

Michael Katz
Responsible Solutions, Ltd.
mike () responsible com