Re: IIS : access to cmd.exe and multiple commands on one line

From: Rainer Duffner (rainer@ultra-secure.de)
Date: 10/24/01


Message-ID: <20011024124426.73483.qmail@bsd.ultra-secure.de>
From: "Rainer Duffner" <rainer@ultra-secure.de>
To: Daniel Polombo <polombo@cartel-info.fr>
Subject: Re: IIS : access to cmd.exe and multiple commands on one line
Date: Wed, 24 Oct 2001 12:44:26 GMT

Daniel Polombo writes:

> Hello,

> It is unclear to me whether this problem happens only because of the way
> the request is made (http://path/to/cmd.exe?/c+command1&command2), or if
> there are really different versions of cmd.exe.

That may well be the case.
It gets changed during service-packs and hotfix updates.
Also, the perl-manual mentions something in the direction of "some
functionality crept in...".

Anyway, as another poster mentioned, the whole commandline-tools are not
consistent - and thus not usable beyond simple "batch-files".

 

cheers,
Rainer

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer@ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/