[PEN-TEST] Unicode Command Execution

[Parth Galen <parth_galen () lycos com>]

The one problem I am having with this exploit is envoking cmd.exe when the IIS web root is on a different drive.

If IIS is installed on D:, how do you launch cmd.exe (anything) when it is on C: ?

I have been playing the msadc's approach, but not getting it to work...

Any ideas?


Get FREE Email/Voicemail with 15MB at Lycos Communications at http://comm.lycos.com