Home » Hacking News » Apache Win32 Batch File Remote Command Execution Vulnerability

Apache Win32 Batch File Remote Command Execution Vulnerability

by Nikola Strahija on March 24th, 2002 Special characters (such as |) may not be filtered by the batch file handler when a web request is made for a batch file. As a result, a remote attacker may be able to execute arbitrary commands on the host running the vulnerable software.

It should be noted that webservers on Windows operating systems normally run with SYSTEM privileges.

The 2.0.x series of Apache for Microsoft Windows ships with a test batch file which may be exploited to execute arbitrary commands. Since this issue is in the batch file handler, any batch file which is accessible via the web is appropriate for the purposes of exploitation.

Remote: Yes

Exploit: This issue may be exploited with a web browser.

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

Apache Win32 Batch File Remote Command Execution Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact