|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Joxean Koret (joxeankoret
yahoo.es)
Date: Fri Mar 23 2007 - 05:15:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Did you test it using UNC paths? It may be a way to
truly execute arbitrary code.
Regards,
Joxean Koret
>Exploit:
>Send a HTML email message containing the URL:
><a href="c:/windows/system32/winrm?">Click here!</a>
>or
><a href="c:/windows/system32/migwiz?">Click here!</a>
>and winrm.cmd/migwiz.exe gets executed without asking
>for permission.
>These are just examples.
>
>I could not pass arguments to winrm (hehe this would
>be beautiful), but I guess there
>are several attack vectors.
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]