Re: IIS : access to cmd.exe and multiple commands on one line

From: Emre Yildirim (emre@sgi.asper.org)
Date: 10/24/01

Previous message: Alex Butcher (pentest): "Re: IIS : access to cmd.exe and multiple commands on one line"
In reply to: Alex Butcher (pentest): "Re: IIS : access to cmd.exe and multiple commands on one line"
Next in thread: Rainer Duffner: "Re: IIS : access to cmd.exe and multiple commands on one line"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <3BD5EB5D.7050908@sgi.asper.org>
Date: Tue, 23 Oct 2001 17:12:45 -0500
From: Emre Yildirim <emre@sgi.asper.org>
To: pen-test@securityfocus.com
Subject: Re: IIS : access to cmd.exe and multiple commands on one line

Alex Butcher (pentest) wrote:

>>It is unclear to me whether this problem happens only because of the way the
>>request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are
>>really different versions of cmd.exe.

This is probably unrelated to this thread but

After playing around with code red infected hosts, I found that
http://path/to/cmd.exe?/rcommand+argument works too. For example
http://path/to/cmd.exe?/rdir+c:\ displays the contents of C:\.

Does anyone know what function the "r" plays in the URL?

-- Emre Yildirim <emre@asper.org> GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Previous message: Alex Butcher (pentest): "Re: IIS : access to cmd.exe and multiple commands on one line"
In reply to: Alex Butcher (pentest): "Re: IIS : access to cmd.exe and multiple commands on one line"
Next in thread: Rainer Duffner: "Re: IIS : access to cmd.exe and multiple commands on one line"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: ettercap help
... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
RE: CFM SQL injection
... You should better use union or alike get unauthorized data from the ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: ettercap help
... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: Wardialing
... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
RE: How to Tackle the Legal Tangle?
... How to Tackle the Legal Tangle? ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)