Confirmed working, however it can only overwrite environment variables
whose name is all capital, you can't overwrite Path.
So, you can overwrite CONTENT_LENGTH, which may trigger buffer overflow in
some applications that depends on this variable to allocate buffer, or have
the application allocat
On Wed, 2014-04-16 at 12:25 +0200, Reindl Harald wrote:
> Am 16.04.2014 08:39, schrieb Davide Davini:
> > YiFei Yang wrote:
> >> It is a bug affecting IIS4/5 using CGI on Windows NT/2000. Microsoft is
> >> aware of it and won't fix it.
> >
> > Is there any workaround this bug? I might be slow but
Am 16.04.2014 08:39, schrieb Davide Davini:
> YiFei Yang wrote:
>> It is a bug affecting IIS4/5 using CGI on Windows NT/2000. Microsoft is
>> aware of it and won't fix it.
>
> Is there any workaround this bug? I might be slow but I can't find any
just don't use unsupported OS versions if you car
YiFei Yang wrote:
> It is a bug affecting IIS4/5 using CGI on Windows NT/2000. Microsoft is
> aware of it and won't fix it.
Is there any workaround this bug? I might be slow but I can't find any.
___
Sent through the Full Disclosure mailing list
http:/
Mail]
>> > MAPI=1
>> > [MCI Extensions.BAK]
>> > asf=MPEGVideo
>> > asx=MPEGVideo
>> > ivf=MPEGVideo
>> > m3u=MPEGVideo
>> > mp2v=MPEGVideo
>> > mp3=MPEGVideo
>> > mpv2=MPEGVideo
>> > wax=MPEGVideo
>> > wm=
phpshell, execute the PHP call system
> cmd.
>
>
>
>
>
>
>
>
> > Date: Wed, 9 Apr 2014 23:11:28 +0300
> > From: kirils.solovj...@kirils.com
> > To: yuange1...@hotmail.com
> > Subject: Re: [FD] iis cgi 0day
> >
> > Sorry, I don't read
irils.com
> To: yuange1...@hotmail.com
> Subject: Re: [FD] iis cgi 0day
>
> Sorry, I don't read Chinese.
> How is this a 0day?
>
> --
> Kirils Solovjovs
___
Sent through the F
