Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Unicode Command Execution
From: Roberto Poblete <roberto () ORION CL>
Date: Wed, 15 Nov 2000 10:04:25 -0600

You may try this:


where msadc can be any virtual directory with NTFS permision for everyone
and execute permision at the IIS, this means you can replace msadc whit
cgi-bin, certserv, scripts, etc.

good look


parth_galen () LYCOS COM escribe:
The one problem I am having with this exploit is envoking cmd.exe when
the IIS web root is on a different drive.

If IIS is installed on D:, how do you launch cmd.exe (anything) when it
is on C: ?

I have been playing the msadc's approach, but not getting it to work...

Any ideas?

Get FREE Email/Voicemail with 15MB at Lycos Communications at

Roberto Poblete / email: roberto () orion cl
fono: 6403943 / Fax: 6403990
Orion 2000
Servicios Profesionales en Seguridad Informática

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]