Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Problems with typing 'cmd.exe' in News Manager
#1
This is an odd one which may be host dependant. I have a site I run as a technical blog to store 'How to' fixes to server configs etc. I was writing one up this morning which had cmd.exe in it and it would not save, but returned an Apache access error.
A bit of investigating suggests when I save the News Item the remote server tries to execute the cmd.exe and fails - thank goodness!

If I type cmd.exee - 2 'e's - then it's happy.

So as the hosting server is out of my control - it's iFastNet - can anyone suggest how I can mask or escape cmd.exe?

TiA.
Reply
#2
A way would be turning to html source code mode and insert cmd<span>.</span>exe

I suppose that this is not really an issue with News Manager, but also with normal GS pages (please try, just in case).
Reply
#3
(2018-06-22, 00:35:55)Carlos Wrote: A way would be turning to html source code mode and insert cmd<span>.</span>exe

I suppose that this is not really an issue with News Manager, but also with normal GS pages (please try, just in case).

Thanks for the prompt & helpful reply. You are correct.

Using span allows it to be saved. Without span - so just cmd.exe - one gets:

Forbidden
You don't have permission to access /admin/changedata.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


You are also correct that it is NOT the News Manager as a normal blank page with cmd.exe typed into it also fails to save with an identical error.

best wishes
Reply
#4
(2018-06-22, 01:04:52)david.matthewson Wrote:
(2018-06-22, 00:35:55)Carlos Wrote: A way would be turning to html source code mode and insert cmd<span>.</span>exe

I suppose that this is not really an issue with News Manager, but also with normal GS pages (please try, just in case).

Thanks for the prompt & helpful reply. You are correct.

Using span allows it to be saved. Without span - so just cmd.exe - one gets:

Forbidden
You don't have permission to access /admin/changedata.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


You are also correct that it is NOT the News Manager as a normal blank page with cmd.exe typed into it also fails to save with an identical error.

best wishes
It would be interesting to know if this happens on other hosts too...
Reply
#5
Its not being executed its mod sec detecting and blocking a possible injection
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply




Users browsing this thread: 1 Guest(s)