On Tue, 23 Oct 2001, Daniel Polombo wrote: > Hello, > > as you all know, it's possible to exploit a number of IIS bugs to gain > access to \winnt\system32\cmd.exe and execute arbitrary commands on the > server. I've been trying to convince it to execute several commands on one > line (as one would separate commands with a ';' under any decent shell), with > limited success : on a number of NT/2k boxes, the syntax : > > command1 & command2 (eg, cd .. & dir) > > works fine. On some other boxes, though, it only returns 'The parameter is > incorrect'. > > It is unclear to me whether this problem happens only because of the way the > request is made (http://path/to/cmd.exe?/c+command1&command2), or if there are > really different versions of cmd.exe. A suggestion: have you tried copying cmd.exe to some other filename (e.g. foo.exe) and then use *that* to execute the multiple command line? Just thinking that if redirection doesn't work without using a copy of cmd.exe, maybe some other aspects don't either. > Regards, > Daniel Best Regards, Alex (no NT box to test on, for now :) -- Alex Butcher Brainbench MVP for Internet Security: www.brainbench.com Berkshire, UK Is *your* company hiring UNIX/Security/Pen. testing folks? PGP/GnuPG ID:0x271fd950 http://www.cocoa.demon.co.uk/cv/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 14:56:09 PDT