Re: IIS : access to cmd.exe and multiple commands on one line
From: Thor@HammerofGod.com
Date: 10/24/01
- Previous message: Sam Steinmeyer: "RE: IIS : access to cmd.exe and multiple commands on one line"
- In reply to: Daniel Polombo: "Re: IIS : access to cmd.exe and multiple commands on one line"
- Next in thread: Garreth Jeremiah/Markham/IBM: "Re: IIS : access to cmd.exe and multiple commands on one line"
From: Thor@HammerofGod.com
To: polombo@cartel-info.fr
Message-ID: <00b801c15cb1$42c02520$af05a8c0@anchorsign.com>
Subject: Re: IIS : access to cmd.exe and multiple commands on one line
Date: Wed, 24 Oct 2001 10:28:08 -0700

Have you just tried the "+" sign instead of the "&"? That works too.
AD
----- Original Message -----
From: "Daniel Polombo" <polombo@cartel-info.fr>
To: <pen-test@securityfocus.com>
Sent: Wednesday, October 24, 2001 6:37 AM
Subject: Re: IIS : access to cmd.exe and multiple commands on one line
> Rainer Duffner wrote:
>
>
> > That may well be the case.
> > It gets changed during service-packs and hotfix updates.
> > Also, the perl-manual mentions something in the direction of "some
> > functionality crept in...".
> >
> > Anyway, as another poster mentioned, the whole commandline-tools are not
> > consistent - and thus not usable beyond simple "batch-files".
>
> Actually, I believe Ivy Lane hit the nail on the head. The '&' is interpreted
> by IIS as a CGI parameter separator, and something in the syntax irks the
> server, which returns an invalid parameter error. This is a CGI error, and not
> a cmd.exe error. I didn't see that immediately because I'm parsing the errors
> to extract only certain parts of the returned HTML page.
>
> Therefore I am now trying to find a way to pass a '&' to the cmd.exe without
> it being interpreted first by the webserver. Hex- or unicode-encoding it is
> useless, since IIS will always expand those characters before actually
> treating the request.
>
> Is there some kind of escaping sequence for an URL? RFC 1738 (URL) only states
> that '&' is a reserved character, and that %-encoding them should modify the
> behaviour of the webserver (ie, that the URL would be actually interpreted
> differently with and without %-encoding for a reserved character like '&'),
> but it doesn't appear to modify IIS' behaviour.
>
> Perhaps there are some IIS-specific niceties here as well?
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
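
Added example, not part of the original thread: because the server expands hex and unicode escapes before handling the request, a log detector has to match on the decoded request target rather than the raw bytes. The sketch below does that for requests that reach cmd.exe and reports whether '&' or '+' appears in the query. The log layout, the /app/ path, the sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# IIS-style %uXXXX escapes are non-standard, so urllib leaves them alone.
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")
_CMD = re.compile(r"(^|[/\\])cmd\.exe($|[/\\])", re.IGNORECASE)

# Constructed sample lines (hypothetical layout: date time client method target status)
SAMPLE_LOG = """\
2001-10-24 10:28:01 192.0.2.10 GET /index.html 200
2001-10-24 10:28:05 192.0.2.10 GET /app/cmd.exe?first+second 200
2001-10-24 10:28:08 192.0.2.10 GET /app/cmd%2Eexe?first%26second 500
2001-10-24 10:28:09 192.0.2.10 GET /app/c%u006dd.exe?first 200
2001-10-24 10:28:11 192.0.2.10 GET /search?q=cmd.exe&lang=en 200
"""

def canonicalize(target: str, max_rounds: int = 5) -> str:
    """Decode %XX and %uXXXX repeatedly until the string stops changing."""
    for _ in range(max_rounds):
        decoded = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), target)
        decoded = unquote(decoded, encoding="latin-1")
        if decoded == target:
            break
        target = decoded
    return target

def inspect_request(target: str):
    """Return a finding if the decoded path names cmd.exe, else None."""
    canon = canonicalize(target)
    path, _, query = canon.partition("?")
    if not _CMD.search(path):
        return None
    return {"target": target, "canonical": canon, "encoded": canon != target,
            "separators": sorted({c for c in query if c in "&+"})}

def scan(log_text: str):
    """Collect findings for every well-formed line in the log text."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 6:
            hit = inspect_request(fields[4])
            if hit:
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The last sample line is not flagged: cmd.exe appears there only as a query value, not in the path.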