Re: IIS : access to cmd.exe and multiple commands on one line

From: Emre Yildirim (emre@sgi.asper.org)
Date: 10/24/01


Message-ID: <3BD5EB5D.7050908@sgi.asper.org>
Date: Tue, 23 Oct 2001 17:12:45 -0500
From: Emre Yildirim <emre@sgi.asper.org>
To: pen-test@securityfocus.com
Subject: Re: IIS : access to cmd.exe and multiple commands on one line

Alex Butcher (pentest) wrote:

>>It is unclear to me whether this problem happens only because of the way the
>>request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are
>>really different versions of cmd.exe.

This is probably unrelated to this thread but

After playing around with code red infected hosts, I found that
http://path/to/cmd.exe?/rcommand+argument works too. For example
http://path/to/cmd.exe?/rdir+c:\ displays the contents of C:\.

Does anyone know what function the "r" plays in the URL?

-- 
Emre Yildirim <emre@asper.org>
GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/