Re: IIS : access to cmd.exe and multiple commands on one line

[Rebecca Kastl <rkastl () neohapsis com>]

On Tue, 23 Oct 2001, Daniel Polombo wrote:

>     command1 & command2  (eg, cd .. & dir)
>
> works fine. On some other boxes, though, it only returns 'The parameter is
> incorrect'.
>
> It is unclear to me whether this problem happens only because of the way the
> request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are
> really different versions of cmd.exe.
>
> I would assume the former, but I fail to see why it would work on some boxes
> and not others, given the same commands and commands separator.

I can't really speak to the issue of passing commands through a URL to IIS,
but I can comment on the command line behavior in general.  To say that the MS
command line environment is inconsistent is an understatement.  I discovered
years ago that the MS command line interpreters are not implemented in the
shell as they are in UNIX -- instead, they are implemented in each command
which causes inconsistent behavior among commands (and among versions of
commands).

For example:

Using 'dir' to test wildcard expressions before use will have different
results than the same wildcard expressions used with the 'del' command.  Tough
lesson to learn.


--Rebecca Kastl


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/