Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: IIS : access to cmd.exe and multiple commands on one line
From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Wed, 24 Oct 2001 12:44:26 GMT

Daniel Polombo writes:

Hello,

It is unclear to me whether this problem happens only because of the way the request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are really different versions of cmd.exe.

That may well be the case.
It gets changed during service-packs and hotfix updates.
Also, the perl-manual mentions something in the direction of "some functionality crept in...". Anyway, as another poster mentioned, the whole commandline-tools are not consistent - and thus not usable beyond simple "batch-files".



cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]