Re: New Secuity Vulnerabilities
From: xenophi1e (oliver.lavery_at_sympatico.ca)
Date: 06/05/03
- Previous message: sin: "Re: Shellcode questions"
- Maybe in reply to: mba1_at_012.net.il: "New Secuity Vulnerabilities"
- Next in thread: Harlan Carvey: "Re: New Secuity Vulnerabilities"
- Reply: Harlan Carvey: "Re: New Secuity Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 Jun 2003 23:35:50 -0000 To: vuln-dev@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <265000-22003623223417466@M2W086.mail2web.com>
Had a friend with a few 2K3 servers try this. Apparently it wasn't
present on two virgin installs w/o ISS, nor on a testing machine with IIS
(and probably the world) installed.
~x
>1=2E Windows 2003 Server has a built in Command Line Interreptor (I don't
>know if this service is enabled by defult but i've tested this on 9
>systems,=20
>in 7 of them it worked), which means that you can send commands to it
usin=
>g
>the HTTP (TCP)=20
> method (the web browser) by trying to access the server on port 19338
>like this:
>
>http://admin@
>
- Previous message: sin: "Re: Shellcode questions"
- Maybe in reply to: mba1_at_012.net.il: "New Secuity Vulnerabilities"
- Next in thread: Harlan Carvey: "Re: New Secuity Vulnerabilities"
- Reply: Harlan Carvey: "Re: New Secuity Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
