Vulnerability Development mailing list archives
RE: Rather large MSIE-hole
From: Maarten Oosterink <maarten () holmes nl>
Date: Thu, 14 Mar 2002 13:27:31 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
For instance, "%SystemRoot%" would eliminate the need for "C:\windows"
I tried this in the original sample provided by Magnus Bodin, it doesn't work, I recogn the variables aren't parsed. Maybe with more Jscript knowledge it is possible however. The same with parameters btw.. Trying to run 'c:/windows/system32/format.com c: /q /autotest' fails and so does 'c:/windows/system32/cmd -C format.com c: /q /autotest'. This is good, since this vulnerability can not be easily used for creating real havoc. But as soon as someone finds out how to parse parameters the sh*t will hit the fan.. I can image commands like 'net send * w00t w00t' being funny, but 'format c: /autotest' isn't.
This is a newbie question, but where can I find a list os system variables and its compatibility thru versions of windows?
By running SET from a command shell (without parameters) you het a list of all system variables. With regards, Maarten Oosterink System Administrator Digital Technology dpt. Netherlands Forensic Institute Ministry of Justice - The Netherlands Phone +31 (0)70 413 5 402 Fax +31 (0)70 413 5 441 E-mail maarten () holmes nl - PGP Key: http://www.holmes.nl/maarten.asc -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPJCJKoa/klkcnTclEQJJhwCgq/D9IB/qpyzbQl5GL8jJl6GP1eUAn2Kx 6sE0wp4Lx6nbiGuKQ2srCi7M =iP42 -----END PGP SIGNATURE-----
Current thread:
- Re: Rather large MSIE-hole, (continued)
- Re: Rather large MSIE-hole methodic (Mar 14)
- Re: Rather large MSIE-hole Felipe Franciosi (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: [Re: Rather large MSIE-hole] another variant (NAV and Finjan block this) David Barnett (Mar 16)
- Re: Rather large MSIE-hole Raul Dias (Mar 13)
- Re: Rather large MSIE-hole Syzop (Mar 14)
- RE: Rather large MSIE-hole Ryan Sweat (Mar 14)
- Re: Rather large MSIE-hole Keegan (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- RE: Rather large MSIE-hole Chad Thunberg (Mar 15)