Re: IIS : access to cmd.exe and multiple commands on one line

From: Thorat_private
Date: Wed Oct 24 2001 - 10:28:08 PDT

Next message: Ofir Arkin: "Xprobe 0.0.2 Released"

Previous message: Sam Steinmeyer: "RE: IIS : access to cmd.exe and multiple commands on one line"
In reply to: Daniel Polombo: "Re: IIS : access to cmd.exe and multiple commands on one line"
Next in thread: Garreth Jeremiah/Markham/IBM: "Re: IIS : access to cmd.exe and multiple commands on one line"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Have you just tried the "+" sign instead of the "&"?  That works too.
AD


----- Original Message -----
From: "Daniel Polombo" <polombo@cartel-info.fr>
To: <pen-testat_private>
Sent: Wednesday, October 24, 2001 6:37 AM
Subject: Re: IIS : access to cmd.exe and multiple commands on one line


> Rainer Duffner wrote:
>
>
> > That may well be the case.
> > It gets changed during service-packs and hotfix updates.
> > Also, the perl-manual mentions something in the direction of "some
> > functionality crept in...".
> >
> > Anyway, as another poster mentioned, the whole commandline-tools are not
> > consistent - and thus not usable beyond simple "batch-files".
>
> Actually, I believe Ivy Lane hit the nail on the head. The '&' is
interpreted
> by IIS as a CGI parameter separator, and something in the syntax irks the
> server, which returns an invalid parameter error. This is a CGI error, and
not
> a cmd.exe error. I didn't see that immediately because I'm parsing the
errors
> to extract only certain parts of the returned HTML page.
>
> Therefore I am now trying to find a way to pass a '&' to the cmd.exe
without
> it being interpreted first by the webserver. Hex- or unicode-encoding it
is
> useless, since IIS will always expand those characters before actually
> treating the request.
>
> Is there some kind of escaping sequence for an URL? RFC 1738 (URL) only
states
> that '&' is a reserved character, and that %-encoding them should modify
the
> behaviour of the webserver (ie, that the URL would be actually interpreted
> differently with and without %-encoding for a reserved character like
'&'),
> but it doesn't appear to modify IIS' behaviour.
>
> Perhaps there are some IIS-specific niceties here as well?
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Ofir Arkin: "Xprobe 0.0.2 Released"
Previous message: Sam Steinmeyer: "RE: IIS : access to cmd.exe and multiple commands on one line"
In reply to: Daniel Polombo: "Re: IIS : access to cmd.exe and multiple commands on one line"
Next in thread: Garreth Jeremiah/Markham/IBM: "Re: IIS : access to cmd.exe and multiple commands on one line"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 14:34:15 PDT