Is there any known "escape shell" techniques on a IIS/ASP server ?

From: Frederic Charpentier (fcharpen_at_xmcopartners.com)
Date: 01/25/05

Next message: foofus_at_foofus.net: "Re: Is there any known "escape shell" techniques on a IIS/ASP server ?"

Previous message: pete: "Re: Educational Security Assessment project for Northern Virginia Community College students."
In reply to: contact_at_parosproxy.org: "Paros 3.2.0 beta release"
Next in thread: foofus_at_foofus.net: "Re: Is there any known "escape shell" techniques on a IIS/ASP server ?"
Reply: foofus_at_foofus.net: "Re: Is there any known "escape shell" techniques on a IIS/ASP server ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 25 Jan 2005 17:50:54 +0100
To: pen-test@securityfocus.com

I'am seeking information, papers or codes about "escape shell" on ASP
technology.
I found a lot of stuffs about "escape shell" with PHP, but nothing
interresting about ASP.

The question is :
- If I'am allowed to upload ASP programs on a IIS server, am I able to
escape IIS to send commands to the system ?

Any informations will be greatly appreciated.

Fred.

-- 
_______________________________________
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com

Next message: foofus_at_foofus.net: "Re: Is there any known "escape shell" techniques on a IIS/ASP server ?"

Previous message: pete: "Re: Educational Security Assessment project for Northern Virginia Community College students."
In reply to: contact_at_parosproxy.org: "Paros 3.2.0 beta release"
Next in thread: foofus_at_foofus.net: "Re: Is there any known "escape shell" techniques on a IIS/ASP server ?"
Reply: foofus_at_foofus.net: "Re: Is there any known "escape shell" techniques on a IIS/ASP server ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]