Web Application Security
directory traversal and cmd.exe May 10 2011 10:29PM Robin Wood (robin digininja org) (2 replies)
Re: directory traversal and cmd.exe May 10 2011 10:36PM Robin Wood (robin digininja org) (1 replies)
________________________________________
From: listbounce (at) securityfocus (dot) com [listbounce (at) securityfocus (dot) com] on behalf of Robin Wood [robin (at) digininja (dot) org]
Sent: Tuesday, May 10, 2011 3:36 PM
To: webappsec (at) securityfocus (dot) com
Subject: Re: directory traversal and cmd.exe
On 10 May 2011 23:29, Robin Wood <robin (at) digininja (dot) org> wrote:
> Can anyone tell me which version of IIS fixed this style of vulnerability?
>
> http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:
>
> A few people have been talking about it recently but I've never come
> across it in tests despite hitting some quite old servers. From what I
> can find reading round it was IIS 4 and 5 but I'm guessing would have
> been patched well before 6 came out.
>
> Robin
>
Typical, asked the question then found the answer:
http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx
No wonder I've not seen it in the wild.
Robin