Vulnerability Development mailing list archives

Re: New Secuity Vulnerabilities

From: xenophi1e <oliver.lavery () sympatico ca>
Date: 4 Jun 2003 23:35:50 -0000

In-Reply-To: <265000-22003623223417466 () M2W086 mail2web com>


Had a friend with a few 2K3 servers try this. Apparently it wasn't 
present on two virgin installs w/o ISS, nor on a testing machine with IIS 
(and probably the world) installed.

~x

1=2E Windows 2003 Server has a built in Command Line Interreptor (I don't
know if this service is enabled by defult but i've tested this on 9
systems,=20
in 7 of them it worked), which means that you can send commands to it

usin=

g
the HTTP (TCP)=20
  method (the web browser) by trying to access the server on port 19338
like this:

http://admin@<ip>:19338/cmd=2Ecgi?cmd=3D<EnterCommandHere>

Current thread:

New Secuity Vulnerabilities mba1 () 012 net il (Jun 04)
- <Possible follow-ups>
- Re: New Secuity Vulnerabilities xenophi1e (Jun 05)
  - Re: New Secuity Vulnerabilities Harlan Carvey (Jun 06)
- Re: New Secuity Vulnerabilities Antonio Stano (Jun 06)