Penetration Testing mailing list archives
Re: Is there any known "escape shell" techniques on a IIS/ASP server ?
From: foofus () foofus net
Date: Tue, 25 Jan 2005 14:27:08 -0600
On Tue, Jan 25, 2005 at 05:50:54PM +0100, Frederic Charpentier wrote:
The question is : - If I'am allowed to upload ASP programs on a IIS server, am I able to escape IIS to send commands to the system ?
Probably. http://www.foofus.net/jmk/iis.html#_asp --Foofus.
Current thread:
- Paros 3.2.0 beta release contact (Jan 24)
- Is there any known "escape shell" techniques on a IIS/ASP server ? Frederic Charpentier (Jan 25)
- Re: Is there any known "escape shell" techniques on a IIS/ASP server ? foofus (Jan 26)
- Is there any known "escape shell" techniques on a IIS/ASP server ? Frederic Charpentier (Jan 25)