Thursday, October 16, 2014

Windows Command Injection Vulnerability for a Command Shell

An attacker can target file servers lying on intranet using this security vulnerability

With the help of this security impact, normal user can perform privilege escalation on windows file server systems by just creating some fancy (Not really) folders. In order to perform this vulnerability, user just need to create some special folders with regularly being used commands such as ping, cd, md etc…