Penetration Testing mailing list archives
Re: IIS : access to cmd.exe and multiple commands on one line
From: Daniel Polombo <polombo () cartel-info fr>
Date: Wed, 24 Oct 2001 15:37:52 +0200
Rainer Duffner wrote:
That may well be the case. It gets changed during service-packs and hotfix updates.Also, the perl-manual mentions something in the direction of "some functionality crept in...". Anyway, as another poster mentioned, the whole commandline-tools are not consistent - and thus not usable beyond simple "batch-files".
Actually, I believe Ivy Lane hit the nail on the head. The '&' is interpreted by IIS as a CGI parameter separator, and something in the syntax irks the server, which returns an invalid parameter error. This is a CGI error, and not a cmd.exe error. I didn't see that immediately because I'm parsing the errors to extract only certain parts of the returned HTML page.
Therefore I am now trying to find a way to pass a '&' to the cmd.exe without it being interpreted first by the webserver. Hex- or unicode-encoding it is useless, since IIS will always expand those characters before actually treating the request.
Is there some kind of escaping sequence for an URL? RFC 1738 (URL) only states that '&' is a reserved character, and that %-encoding them should modify the behaviour of the webserver (ie, that the URL would be actually interpreted differently with and without %-encoding for a reserved character like '&'), but it doesn't appear to modify IIS' behaviour.
Perhaps there are some IIS-specific niceties here as well? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IIS : access to cmd.exe and multiple commands on one line Daniel Polombo (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line hellNbak (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Rebecca Kastl (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Alex Butcher (pentest) (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Emre Yildirim (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Rainer Duffner (Oct 24)
- Re: IIS : access to cmd.exe and multiple commands on one line Daniel Polombo (Oct 24)
- <Possible follow-ups>
- Re: IIS : access to cmd.exe and multiple commands on one line Garreth Jeremiah/Markham/IBM (Oct 24)
- RE: IIS : access to cmd.exe and multiple commands on one line Sam Steinmeyer (Oct 24)