Re: IIS : access to cmd.exe and multiple commands on one line

From: hellNbak (hellnbak@nmrc.org)
Date: 10/23/01


Date: Tue, 23 Oct 2001 11:17:37 -0400 (EDT)
From: hellNbak <hellnbak@nmrc.org>
To: Daniel Polombo <polombo@cartel-info.fr>
Subject: Re: IIS : access to cmd.exe and multiple commands on one line
Message-ID: <***.666.6.66.0110231115500.7694-100000@www.nmrc.org>


Perhaps you used a bad example but you don't need to send two commands to
accomplish a directory outside of the web root. A simple "dir C:\" or
whatever would work fine.

I find it much easier to simply upload a .cmd file to the temp directory
that contains all the commands I want to run then I execute the file.

On Tue, 23 Oct 2001, Daniel Polombo wrote:

> Hello,
>
> as you all know, it's possible to exploit a number of IIS bugs to gain
> access to \winnt\system32\cmd.exe and execute arbitrary commands on the
> server. I've been trying to convince it to execute several commands on one
> line (as one would separate commands with a ';' under any decent shell), with
> limited success : on a number of NT/2k boxes, the syntax :
>
> command1 & command2 (eg, cd .. & dir)
>
> works fine. On some other boxes, though, it only returns 'The parameter is
> incorrect'.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@nmrc.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

