

Windows Batch Script Command Injection - ristich
http://thesecurityfactory.be/command-injection-windows.html

======
dkhenry
So this places batch in the same situation as bash, but for some reason the
internet is not losing its mind and claiming that the world will end.

~~~
ristich
The flaw is in the same vein but not as widely exposed to exploitation. It
requires human intervention of sorts to browse to an insecure script. Most
interesting detail is that Microsoft is sticking by their design and
recommending scripts be altered by the authors. This trick will hang around
for a while.

