Vulnerability Development mailing list archives
Re: IIS 4.0 leaking files?
From: ___cliff rayman___ <cliff () genwax com>
Date: Thu, 02 Aug 2001 12:37:50 -0700
hypoclear wrote:

> I posted this to bugtraq, but I'm not sure if it will be posted, so I will post here too.

not if it is evaluated first.

> --- I recently viewed a web page on a server running IIS 4.0 and accidentally appended a \ after the url. This to my surprise caused the page to download. This occurred under

this is standard. everything after the last slash would be available to a cgi program from the environment variable: PATH-INFO

> Netscape 4.6 (IE5 appears to ignore the \). I was wondering if anyone else could confirm this behavior. It is not my server so I

everyone else can - yes.

> cannot do extensive testing on it, so I'm bringing it to the community. The file that downloaded was a .html file, however I am curious if appending a \ has the possibility of downloading .asp's or .cgi's. If that was true it would be a definite security hole. Email

nope. not unless the server were misconfigured. you will just get the html code spit out by the .asp or .cgi script

> me hypoclear () jungle net or the list with any findings. hypoclear

-- ___cliff rayman___cliff@genwax.com___http://www.genwax.com/
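
Added example, not part of the original post or thread: a defender-side check for the misconfiguration case discussed above, deciding whether a response to a trailing-`\` request for a script URL is rendered output or unprocessed source. The marker patterns, extension list, function names and sample responses are constructed assumptions.

```python
import re

# Markers that appear in unprocessed server-side source but should not
# survive into rendered output (assumed set; extend per platform).
SOURCE_MARKERS = [
    ("asp-delimiter", re.compile(r"<%[\s\S]*?%>")),
    ("asp-directive", re.compile(r"<%@\s*language", re.I)),
    ("server-include", re.compile(r"<!--\s*#include\s+(file|virtual)=", re.I)),
    ("cgi-shebang", re.compile(r"\A#!\s*/\S+")),
]
DOWNLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}
SCRIPT_EXTS = (".asp", ".cgi", ".pl")

def classify_response(url_path, content_type, body):
    """Return findings for one response to a request with a trailing backslash."""
    findings = []
    base = url_path.rstrip("\\/").lower()
    if not base.endswith(SCRIPT_EXTS):
        return findings  # static file: a download prompt is not a source leak
    ctype = content_type.split(";")[0].strip().lower()
    if ctype in DOWNLOAD_TYPES:
        findings.append("served-as-download")
    for name, pattern in SOURCE_MARKERS:
        if pattern.search(body):
            findings.append(name)
    return findings

# Constructed sample responses: (requested path, Content-Type, body).
SAMPLES = {
    "rendered": ("/default.asp\\", "text/html; charset=iso-8859-1",
                 "<html><body>Hello, visitor 42</body></html>"),
    "leaked_asp": ("/default.asp\\", "application/octet-stream",
                   '<%@ Language=VBScript %>\n<% Response.Write("Hello") %>'),
    "leaked_cgi": ("/cgi-bin/form.cgi\\", "text/plain",
                   '#!/usr/bin/perl\nprint "Content-type: text/html\\n\\n";'),
    "static_html": ("/index.html\\", "application/octet-stream", "<html></html>"),
}

def run_samples():
    return {name: classify_response(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result or "ok")
```
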