Vulnerability Development mailing list archives

Re: Crashing Win9x

From: Yugoslavia () CANADA COM (PCbob - Slobodan miskoviC)
Date: Wed, 15 Mar 2000 00:54:26 -0800

Thats where you are wrong... I started thinking after I rebooted my >machine
and this can be remotely exploited via www pages,
simply do a meta refresh (code attached) and it'll blue screen... but >this
seems to be browser dependant, IE will change the \ to / and just >complain
that the file cannot be found, on the other hand netscape will >happily try
to execute the code.


I did some testing in school - basiclu every program (any daemon - ftp, http...) any user program... they all crush 
when request is issued for \con\con or anything else from this category.
we did remote administration via novel (i just say remote execute c:\nul\nul, and voila). Sambar (4.something, i think) 
also crashes (when issued a request like GET /nul/ul HTTP1.0\n\n via telnet, or simply in browser [i used 
http://computer.addres//nul/nul from any browser.]). The only thing that was not vulnerable was apahe (1.3.12 i thing, 
with php extenzion, but that shouldn't matter). I will try other suff, and proably put on some page i I find something 
else that's not vulerable, or other ways to use this

best regards, Slobodan

--==[BosshCCo]==--
Slobodan miskoviC: high scool student,
        linux geek & big nerd
member of LUGY - http://www.Linux.org.YU/
__________________________________________________________
Get your FREE personalized e-mail at http://www.canada.com

Current thread:

Re: Crashing Win9x PCbob - Slobodan miskoviC (Mar 15)
- Re: Crashing Win9x Alun Jones (Mar 20)
  - Re: Crashing Win9x Michael Marschall (Mar 23)
    - Re: Crashing Win9x Alun Jones (Mar 23)
    - MS IIS - HTR still a problem? Pete Philips (Mar 23)
  - Re: Crashing Win9x Troy Ablan (Mar 23)
  - Re: Crashing Win9x Alexander Sanda (Mar 27)