From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@cse.psu.edu From: Anthony Mandic Message-ID: <3E2E8230.914E3F15@start.com.au> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit References: <166961a912968c8026ef0deac2c4f0a6@centurytel.net> Subject: Re: [9fans] missing cmd.exe Date: Wed, 22 Jan 2003 12:25:19 +0000 Topicbox-Message-UUID: 45bd33d2-eacb-11e9-9e20-41e7f4b1d025 Skip Tavakkolian wrote: > > Sure doesn't take long. Somewhat amusing. From httpd log: ... > RemoteIP: 128.121.239.173 > Port: 1976 > Reply: 403 Forbidden > Reason: Search not supported > FinalURI: /scripts/..%5c%5c../winnt/system32/cmd.exe > ---------- > GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir It shouldn't be too hard to develop a script or program called cmd.exe to do something fun. I'm surprised Boyd hasn't suggested this yet (but maybe I'm jumping the gun, so to speak). -am © 2003