Penetration Testing mailing list archives
Is there any known "escape shell" techniques on a IIS/ASP server ?
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Tue, 25 Jan 2005 17:50:54 +0100
I'am seeking information, papers or codes about "escape shell" on ASP technology. I found a lot of stuffs about "escape shell" with PHP, but nothing interresting about ASP.
The question is :- If I'am allowed to upload ASP programs on a IIS server, am I able to escape IIS to send commands to the system ?
Any informations will be greatly appreciated. Fred. -- _______________________________________ Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com
Current thread:
- Paros 3.2.0 beta release contact (Jan 24)
- Is there any known "escape shell" techniques on a IIS/ASP server ? Frederic Charpentier (Jan 25)