Vulnerability Development mailing list archives
Re: New Secuity Vulnerabilities
From: xenophi1e <oliver.lavery () sympatico ca>
Date: 4 Jun 2003 23:35:50 -0000
In-Reply-To: <265000-22003623223417466 () M2W086 mail2web com> Had a friend with a few 2K3 servers try this. Apparently it wasn't present on two virgin installs w/o ISS, nor on a testing machine with IIS (and probably the world) installed. ~x
1=2E Windows 2003 Server has a built in Command Line Interreptor (I don't know if this service is enabled by defult but i've tested this on 9 systems,=20 in 7 of them it worked), which means that you can send commands to it
usin=
g the HTTP (TCP)=20 method (the web browser) by trying to access the server on port 19338 like this: http://admin@<ip>:19338/cmd=2Ecgi?cmd=3D<EnterCommandHere>
Current thread:
- New Secuity Vulnerabilities mba1 () 012 net il (Jun 04)
- <Possible follow-ups>
- Re: New Secuity Vulnerabilities xenophi1e (Jun 05)
- Re: New Secuity Vulnerabilities Harlan Carvey (Jun 06)
- Re: New Secuity Vulnerabilities Antonio Stano (Jun 06)