Bugtraq mailing list archives
Re: Microsoft IIS '..' Problem
From: jladwig () Soils Umn EDU (John Ladwig)
Date: Fri, 26 Jul 1996 14:27:50 -0500
On Fri, 26 Jul 1996 20:41:13 +0200, Thomas Lopatic <lopatic () dbs informatik uni-muenchen de> said:
TL> Sorry for not disclosing. I thought I had seen that one on
TL> bugtraq. Suppose there is a document
TL> 'http://dummy.com/Public/Index.htm' and 'Index.html' is
TL> 'C:\inetsrv\wwwroot\Public\Index.htm'. Then try getting
TL> 'http://dummy.com/Public/../../../autoexec.bat' which will
TL> give you 'C:\autoexec.bat'. It seems, however, that the first
TL> directory ('Public') will be necessary,
TL> i. e. 'http://dummy.com/../../autoexec.bat' won't work.

IIS 1.0c on NT 3.51 gives a "HTTP/1.0 400 Bad Request" when I try to exploit this. I was working out of the IIS /samples/ directory in the attacking URL.

-jml
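
The URL-to-file mapping described in the quoted message, next to a containment check that rejects it, as an added example that is not part of the original posts and is not IIS code. The web root is the one from the quoted message; `naive_map` and `safe_map` are hypothetical names, and `ntpath` is used so Windows path rules apply on any platform.

```python
import ntpath
from urllib.parse import unquote

# Web root as given in the quoted message; all requests below are constructed.
WEB_ROOT = r"C:\inetsrv\wwwroot"


def naive_map(url_path):
    """Join the URL path onto the web root and normalize, with no containment check."""
    rel = unquote(url_path).lstrip("/").replace("/", "\\")
    return ntpath.normpath(ntpath.join(WEB_ROOT, rel))


def safe_map(url_path):
    """Return the mapped file path, or None if the request must be refused."""
    decoded = unquote(url_path)          # decode exactly once, before any check
    if "\x00" in decoded:
        return None
    # Treat both separators alike, then drop leading separators.
    rel = decoded.replace("/", "\\").lstrip("\\")
    # A drive prefix would make ntpath.join discard WEB_ROOT entirely.
    drive, _ = ntpath.splitdrive(rel)
    if drive:
        return None
    candidate = ntpath.normpath(ntpath.join(WEB_ROOT, rel))
    # Compare the *normalized result* against the root instead of searching
    # the input for "..": harmless uses of ".." inside the root still work.
    root = ntpath.normcase(ntpath.normpath(WEB_ROOT))
    folded = ntpath.normcase(candidate)
    if folded != root and not folded.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("/Public/Index.htm",
                "/Public/../../../autoexec.bat",
                "/Public/%2e%2e/%2e%2e/%2e%2e/autoexec.bat",
                "/Public/../Index.htm",
                "/../wwwroot2/x.htm"):
        print(f"{req!r:50} naive={naive_map(req)!r} safe={safe_map(req)!r}")
```
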