.BAT and .CMD FILE ATTACKS

Sending a command line to the server, such as "http://www.domain.com/scripts/expoit.bat?&commandA+?&commandB" to the server, and then clicking the Stop Button on the browser will cause the server to execute DOS commands on the server's OS. Adding a '+?&time' or '+?&date' to the end of the command, will cause the server to pause for input. Clicking the Stop Button on the browser will interrupt the server making a log entry of the command string executed.