Vulnerability Development mailing list archives
Re: Crashing Win9x
From: Yugoslavia () CANADA COM (PCbob - Slobodan miskoviC)
Date: Wed, 15 Mar 2000 00:54:26 -0800
Thats where you are wrong... I started thinking after I rebooted my >machine and this can be remotely exploited via www pages, simply do a meta refresh (code attached) and it'll blue screen... but >this seems to be browser dependant, IE will change the \ to / and just >complain that the file cannot be found, on the other hand netscape will >happily try to execute the code.
I did some testing in school - basiclu every program (any daemon - ftp, http...) any user program... they all crush when request is issued for \con\con or anything else from this category. we did remote administration via novel (i just say remote execute c:\nul\nul, and voila). Sambar (4.something, i think) also crashes (when issued a request like GET /nul/ul HTTP1.0\n\n via telnet, or simply in browser [i used http://computer.addres//nul/nul from any browser.]). The only thing that was not vulnerable was apahe (1.3.12 i thing, with php extenzion, but that shouldn't matter). I will try other suff, and proably put on some page i I find something else that's not vulerable, or other ways to use this best regards, Slobodan --==[BosshCCo]==-- Slobodan miskoviC: high scool student, linux geek & big nerd member of LUGY - http://www.Linux.org.YU/ __________________________________________________________ Get your FREE personalized e-mail at http://www.canada.com
Current thread:
- Re: Crashing Win9x PCbob - Slobodan miskoviC (Mar 15)
- Re: Crashing Win9x Alun Jones (Mar 20)
- Re: Crashing Win9x Michael Marschall (Mar 23)
- Re: Crashing Win9x Alun Jones (Mar 23)
- MS IIS - HTR still a problem? Pete Philips (Mar 23)
- Re: Crashing Win9x Troy Ablan (Mar 23)
- Re: Crashing Win9x Alexander Sanda (Mar 27)
- Re: Crashing Win9x Michael Marschall (Mar 23)
- Re: Crashing Win9x Alun Jones (Mar 20)