Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: IIS : access to cmd.exe and multiple commands on one line
From: Emre Yildirim <emre () sgi asper org>
Date: Tue, 23 Oct 2001 17:12:45 -0500

Alex Butcher (pentest) wrote:


It is unclear to me whether this problem happens only because of the way the
request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are
really different versions of cmd.exe.


This is probably unrelated to this thread but


After playing around with code red infected hosts, I found that
http://path/to/cmd.exe?/rcommand+argument works too.  For example
http://path/to/cmd.exe?/rdir+c:\ displays the contents of C:\.

Does anyone know what function the "r" plays in the URL?


--
Emre Yildirim <emre () asper org>
GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]