Vulnerability Development mailing list archives
Re: Unusal response from IIS with some file names
From: Rob Wilson <r.wilson () BUSINESSHEALTH CO UK>
Date: Wed, 14 Mar 2001 10:05:34 -0000
on iis 4 ....

It is not just endings, try www.server.co.uk/aaaa:~1aaaaaa
this gives a 500. You can keep adding characters and eventually (I've not counted when) it turns back into a 404.

Rob

-----Original Message-----
From: Kevin van Haaren [mailto:kevinv () HOCKEY NET]
Sent: Wednesday, March 14, 2001 12:22
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Unusal response from IIS with some file names

At 18:43 +0100 3/12/2001, Woch, Wojciech wrote:
Hello,

IIS v4.0 seems to give an unusual response when non-existing files ending with one of the following sequences of characters are requested:

:~n
|~n
~n:
~n|

where "n" stands for a number between 0-9 (ex: GET /file:~1). Instead of the regular 404, we get

HTTP/1.1 500 Server Error
Server: Microsoft-IIS/4.0
Date: Mon, 12 Mar 2001 17:08:27 GMT
Content-Type: text/html
Content-Length: 126

<html><head><title>Error</title></head><body>The filename, directory name, or volume label syntax is incorrect. </body></html>

This may be related to NT's 8.3 short naming for DOS/Win 3.x compatibility. From Microsoft:

Under Windows NT 3.1 NTFS, long file names are converted to 8.3 names to support DOS based clients. This conversion simply takes the first 6 characters of the long name, and uses a "~n" suffix (where "n" is number) to keep the name unique if needed. When the tenth filename is converted and the suffix exceeds 2 characters, only 5 characters of the name are used to accommodate the three characters in the suffix and so on as needed.

It could be that IIS is getting an error other than "file not found" error because NT gives a different response for filenames in what it thinks are 8.3 format.

Not sure if disabling the 8.3 name creation will fix this but here's how:
http://support.microsoft.com/support/kb/articles/Q121/0/07.asp
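
A log check for the request pattern discussed in this thread, added here as an example and not part of any poster's message: it scans W3C extended log lines for the four sequences (anywhere in the path, per the follow-up observation) and reports the status the server returned. The log lines, the chosen fields and the function names are constructed for illustration.

```python
import re

# Sequences from the thread: ":~n", "|~n", "~n:", "~n|" with n a digit 0-9.
SHORTNAME_SEQ = re.compile(r"[:|]~[0-9]|~[0-9][:|]")

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-03-12 17:08:27 192.0.2.10 GET /file:~1 500
2001-03-12 17:08:31 192.0.2.10 GET /index.html 200
2001-03-12 17:08:40 192.0.2.10 GET /missing.html 404
2001-03-14 10:01:02 192.0.2.77 GET /aaaa:~1aaaaaa 500
2001-03-14 10:01:09 192.0.2.77 GET /docs/report~2|.htm 500
2001-03-14 10:02:15 192.0.2.77 GET /PROGRA~1/readme.txt 404
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def find_shortname_probes(text):
    """Return (client, uri, status, position) for URIs containing the sequences."""
    hits = []
    for rec in parse_w3c(text):
        uri = rec["cs-uri-stem"]
        m = SHORTNAME_SEQ.search(uri)
        if not m:
            continue  # an ordinary 8.3 name such as PROGRA~1 is not flagged
        position = "end" if m.end() == len(uri) else "inside"
        hits.append((rec["c-ip"], uri, int(rec["sc-status"]), position))
    return hits

if __name__ == "__main__":
    for hit in find_shortname_probes(SAMPLE_LOG):
        print(hit)
```
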