WebApp Sec mailing list archives
RE: directory traversal and cmd.exe
From: Jeremi Gosney <Jeremi.Gosney () motricity com>
Date: Tue, 10 May 2011 23:57:16 +0000
MS00-078 was the original vuln, but it was reprised in MS09-020 (CVE-2009-1535)

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Robin Wood [robin () digininja org]
Sent: Tuesday, May 10, 2011 3:36 PM
To: webappsec () securityfocus com
Subject: Re: directory traversal and cmd.exe

On 10 May 2011 23:29, Robin Wood <robin () digininja org> wrote:

Can anyone tell me which version of IIS fixed this style of vulnerability?

http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\

A few people have been talking about it recently but I've never come across it in tests despite hitting some quite old servers. From what I can find reading round it was IIS 4 and 5 but I'm guessing would have been patched well before 6 came out.

Robin

Typical, asked the question then found the answer:

http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx

No wonder I've not seen it in the wild.

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
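Added example, not part of the original thread: a log check for the request style Robin quotes (an encoded backslash used to climb out of /scripts/ and reach cmd.exe). The log layout, sample lines and function names are constructed for illustration, and the decoder also unwraps nested percent-encoding, which goes beyond the single URL in the thread.

```python
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: cap on nested percent-encoding layers
# Constructed sample lines (not real logs). Assumed field layout:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE = [
    r"2011-05-10 23:29:01 192.0.2.10 GET /scripts/..%5c../Windows/System32/cmd.exe /c+dir+c:\ 404",
    r"2011-05-10 23:29:05 192.0.2.10 GET /scripts/..%255c../Windows/System32/cmd.exe /c+dir 404",
    r"2011-05-10 23:30:12 198.51.100.7 GET /images/../css/site.css - 200",
    r"2011-05-10 23:31:40 198.51.100.7 GET /docs/report%20final.pdf - 200",
]

def normalise(path):
    """Percent-decode until stable, then treat backslash as a separator."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def escapes_root(path):
    """True if '..' segments climb above the directory the path starts in."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def classify(line):
    """Return the reasons a log line is suspicious (empty list if none)."""
    fields = line.split()
    if len(fields) < 7:
        return []
    path = normalise(fields[4])
    reasons = []
    if escapes_root(path):
        reasons.append("traversal")
    if path.lower().endswith("/cmd.exe"):
        reasons.append("cmd.exe")
    return reasons

def scan(lines):
    """Return (client_ip, raw_stem, reasons) for every flagged line."""
    return [(l.split()[2], l.split()[4], r) for l in lines if (r := classify(l))]
```

The third sample line contains `..` but stays inside the web root, so it is not flagged; only paths that climb above their starting directory count as traversal.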
Current thread:
- directory traversal and cmd.exe Robin Wood (May 10)
- Re: directory traversal and cmd.exe Robin Wood (May 10)
- RE: directory traversal and cmd.exe Jeremi Gosney (May 12)
- Re: directory traversal and cmd.exe Jonathan Younie (May 12)
- Re: directory traversal and cmd.exe Robin Wood (May 10)