Penetration Testing mailing list archives
Re: [PEN-TEST] IIS %c1%1c remote command execution
From: "Bobby, Paul" <paul.bobby () LMCO COM>
Date: Thu, 26 Oct 2000 13:17:30 -0400
No one answered your question..... nor will I, but at least I will acknowledge it. My document directory is stored on my 'D:' drive..... okay, so I can't do relative directory traversals. I have not been able to refer to the cmd.exe or other commands either, like rcp.exe Someone else mentioned different hexcode values.... Well that is because it's unicode and is dependent on the language version of Windows NT that someone has installed on their system.
-----Original Message----- From: Critical Watch Bugtraqqer [mailto:bugtraq () CRITICALWATCH COM] Sent: Thursday, October 19, 2000 11:19 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] IIS %c1%1c remote command execution Hello all Been playing around with this vulnerability. Obviously anyone who has place thier inetpub directory on the system drive is in serious trouble. However, I haven't been able to find a use for this if the web site is on a separate drive. Ok, sure if there is a sample page that allows you to cruise around folders and look for interesting executables, or maybe perl.exe in the cgi-bin, you could use this exploit. But what else? Any thoughts? Thanks in advance, Nelson Bunker Critical Watch
Current thread:
- [PEN-TEST] IIS %c1%1c remote command execution Critical Watch Bugtraqqer (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Michael Katz (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Tom Vandepoel (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution David Wong (Oct 21)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Tom Vandepoel (Oct 19)
- <Possible follow-ups>
- Re: [PEN-TEST] IIS %c1%1c remote command execution Frank Knobbe (Oct 19)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Bobby, Paul (Oct 28)
- Re: [PEN-TEST] IIS %c1%1c remote command execution Michael Katz (Oct 19)