Bugtraq mailing list archives
Re: Perl.exe and IIS security advisory
From: twells () SHORE NET (Tabor J. Wells)
Date: Sun, 24 Jan 1999 20:23:40 -0500
On Fri, Jan 22, 1999 at 08:58:33PM -0000, mnemonix <mnemonix () GLOBALNET CO UK> is thought to have said:
In all versions of IIS, where a website has been configured to interpret perl scripts using the perl executable (perl.exe), a problem exists where a request for a non-existent file will return the physical location on a disk of a web directory. A request for: http://www.server.com/scripts/no-such-file.pl
I really wish people wouldn't do this. www.server.com is a legitimate site (it's hosted on my network) and they certainly don't run IIS. Tabor Shore.Net -- ___________________________________________________________________________ Tabor J. Wells twells () shore net Systems Administration Manager Just another victim of the ambient morality Shore.Net -- High quality Internet access and hosting services since 1993
Current thread:
- Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- linux crashes irix6.3 Philipp Schott (Jan 22)
- Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)
- CERT Advisory CA-99.01 - TCP.Wrappers (fwd) //Stany (Jan 22)
- Misleading CERT Advisory CA-99-01-Trojan-TCP-Wrappers Jochen Thomas Bauer (Jan 22)
- Follow up - IIS 4 logging mnemonix (Jan 23)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- WebRamp M3 remote network access bug John Stanley (Jan 21)
- Re: WebRamp M3 remote network access bug James Egelhof (Jan 21)
- Perl.exe and IIS security advisory mnemonix (Jan 22)
- Re: Perl.exe and IIS security advisory Tabor J. Wells (Jan 24)
- Repost: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Using Example Domain Names in Exploits bandregg () REDHAT COM (Jan 25)
- IIS Advisory Update Marc (Jan 24)
- Re: backdoored tcp wrapper source code John Stange (Jan 23)
- SSH 1.x and 2.x Daemon KuRuPTioN (Jan 23)
- Re: SSH 1.x and 2.x Daemon Jan B. Koum (Jan 24)
- Re: SSH 1.x and 2.x Daemon Linux Mailing Lists (Jan 25)
- Re: SSH 1.x and 2.x Daemon KuRuPTioN (Jan 25)