From: Maceo (maceoDOGMILE.COM)
Date: Thu Feb 01 2001 - 13:19:30 CST

    On Wed, 31 Jan 2001, Jesper M. Johansson wrote:

    > I can't repro this. I get the code to execute, but I cannot repro the
    > privilege escalation. No matter what application protection level I set this
    > at I can't get it to execute as anything other than IUSR. I tried on Windows

    Run whoami.exe from the cmd process that the ASP code shells.
    The following code from CmdAsp:
    <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
    displays the user context the ASP is running under, not the context
    of the cmd shell (which has escalated privileges).

      -Maceo
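
The mismatch described in this message can be checked from the defender's side by comparing the account a shelled process actually runs under with the anonymous web account that the page itself reports. This is an added example, not part of the original post; the event field names, the host process names (inetinfo.exe, dllhost.exe), the machine name WEB01 and the sample records are constructed assumptions.

```python
# Added example: flag processes spawned by a web server host process whose
# account differs from the anonymous web account the ASP page reports.
# Field names, host process names and the sample events are assumptions.

WEB_HOSTS = {"inetinfo.exe", "dllhost.exe"}   # assumed IIS host processes


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def account(user):
    """Account name without the machine/domain prefix, lower-cased."""
    return user.rsplit("\\", 1)[-1].lower()


def context_mismatches(events, anonymous_account):
    """Return events where a web-hosted child runs as another account.

    A child process is created with the host process's token, not the
    thread's impersonation token, so its user can differ from the one
    the script reports for itself.
    """
    expected = account(anonymous_account)
    hits = []
    for ev in events:
        if basename(ev["parent_image"]) not in WEB_HOSTS:
            continue  # not spawned by the web server
        if account(ev["user"]) != expected:
            hits.append(ev)
    return hits


# Constructed sample process-creation records (not real log data).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\WINNT\system32\inetsrv\inetinfo.exe",
     "image": r"C:\WINNT\system32\cmd.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"parent_image": r"C:\WINNT\system32\dllhost.exe",
     "image": r"C:\WINNT\system32\cmd.exe", "user": r"WEB01\IUSR_WEB01"},
    {"parent_image": r"C:\WINNT\explorer.exe",
     "image": r"C:\WINNT\system32\cmd.exe", "user": r"WEB01\Administrator"},
]

if __name__ == "__main__":
    for ev in context_mismatches(SAMPLE_EVENTS, r"WEB01\IUSR_WEB01"):
        print(f"{basename(ev['image'])} under {basename(ev['parent_image'])} "
              f"runs as {ev['user']}")
```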