[Full-disclosure] Exploit technical challenges
- From: yuange <yuange1975@xxxxxxxxxxx>
- Date: Sat, 1 Jan 2011 09:21:40 +0000
Exploit technical challenges
IIS known vulnerability allows an interpretation of any given php file.
How to execute arbitrary commands?
Application Environment: Firewall configuration does not allow outside connections.
Requirements: not required to upload files.
Subject: iis4\iis5 cgi bug and WEB Service CGI Interface Vulnerability Analysis (continued)
Date: Sat, 11 Dec 2010 06:06:37 +0000
Too many bad things in the belly of the fast. 2000 of iis, unicode \ decode \ cgi \ webdav \ etc vulnerability, reaching a peak, and later transferred to rpc study. Now there is a 01 or so found a serious flaw, iis4, 5 set error loading cgi vulnerability, execute arbitrary commands or view arbitrary files. Spent nearly a decade, this vulnerability have been quickly eaten away. Because iis5.1 core code into the kernel start iis, this exploit code has been dropped, so will not need a later version.
There are loopholes in some time ago to write an article. Did not intend to put out, and feel that soon decayed, it released together.
C:\tool>iiscmd -s 192.168.0.112 -f c:\winnt\win.ini
HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 05:21:17 GMT
; for 16-bit app support
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] Is Security Disclosure
- Next by Date: [Full-disclosure] Announcing cross_fuzz, a potential 0-day in circulation, and more
- Previous by thread: [Full-disclosure] Is Security Disclosure
- Next by thread: [Full-disclosure] Announcing cross_fuzz, a potential 0-day in circulation, and more