Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IIS : access to cmd.exe and multiple commands on one line

From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Wed, 24 Oct 2001 12:44:26 GMT
Daniel Polombo writes:


Hello,
It is unclear to me whether this problem happens only because of the way the request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are really different versions of cmd.exe. 

That may well be the case.
It gets changed during service-packs and hotfix updates.
Also, the perl-manual mentions something in the direction of "some functionality crept in...". Anyway, as another poster mentioned, the whole commandline-tools are not consistent - and thus not usable beyond simple "batch-files". 



cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: