Date: Mon, 11 Mar 1996 10:52:45 +0100
From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
To: "A. P. Harris" <apharris@onshore.com>
Cc: Stan Orchard <stano@halcyon.com>, www-security@ns2.rutgers.edu
In-Reply-To: <199603081635.KAA13978@burrito.onShore.com>
Errors-To: owner-www-security@ns2.rutgers.edu

The interesting thing about the IIS server is that you don't even have
to have a .BAT file in order to elicit the bug. Calling a URL that
references a nonexistent .BAT file works just fine.

IIS has announced the new version fixes this problem. I suggest you
download it.

Lincoln

A. P. Harris writes:
>
> [You (Stan Orchard)]
> >Please excuse if this has been asked a lot. Just got on this list. We're
> >interested in any security weaknesses in NT 3.51 running Website or the
> >MS IIS. I perused the archive for this list and can find no references.
> >I've been told this has been discussed here recently. Any thoughts would
> >be appreciated.
>
> Don't know about website, but Netscape's NT server and MS IIS both have a
> security "cave" (bigger than a hole). If you put a batch file in any area
> which can execute CGI (say, http://nt.host.com/cgi-bin/test.bat) one can run
> arbitrary DOS commands (http://nt.host.com/cgi-bin/test.bat&?dir).
>
> Hopefully this will be fixed soon. For now, I'd recommend turning all your
> batch files into .com files with a program called bat2exec. Search archie
> for bat2exec.zip. Works fine, even for running Perl out of batch files.
>
> .....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>
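Added example, not part of the original thread or of either poster's message: a log check for the request pattern discussed above, flagging any request that names a .bat or .cmd script and carries command-interpreter metacharacters after it, whatever the response status. It assumes Common Log Format access logs; the function name, the inclusion of .cmd, and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format request field and status: "METHOD target PROTOCOL" NNN
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Target names a batch script (.bat or .cmd), wherever it sits in the URL.
BATCH = re.compile(r'\.(?:bat|cmd)(?![A-Za-z0-9])', re.IGNORECASE)
# Characters the command interpreter treats as separators or redirection.
SHELL_META = set('&|<>^')

def suspicious_batch_requests(lines):
    """Return (status, decoded_target) for batch-script requests with shell metacharacters."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        # Decode twice so %26 and %2526 are both seen as '&'.
        target = unquote(unquote(m.group('target')))
        ext = BATCH.search(target)
        # Multi-field form queries sent to a batch script also match and need review.
        if ext and SHELL_META & set(target[ext.end():]):
            # Status is reported, not filtered on: the thread notes the
            # script does not have to exist for the request to matter.
            hits.append((int(m.group('status')), target))
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Mar/1996:10:01:00 +0100] "GET /cgi-bin/test.bat?name=bob HTTP/1.0" 200 512',
    '192.0.2.11 - - [11/Mar/1996:10:02:00 +0100] "GET /cgi-bin/test.bat&?dir HTTP/1.0" 200 2048',
    '192.0.2.12 - - [11/Mar/1996:10:03:00 +0100] "GET /cgi-bin/missing.BAT?%26dir HTTP/1.0" 404 0',
    '192.0.2.13 - - [11/Mar/1996:10:04:00 +0100] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.14 - - [11/Mar/1996:10:05:00 +0100] "GET /cgi-bin/search.pl?a=1&b=2 HTTP/1.0" 200 300',
]

if __name__ == '__main__':
    for status, target in suspicious_batch_requests(SAMPLE_LOG):
        print(status, target)
```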