Bugtraq mailing list archives

Microsoft IIS '..' Problem

From: lopatic () dbs informatik uni-muenchen de (Thomas Lopatic)
Date: Fri, 26 Jul 1996 20:41:13 +0200

and there is another
'..' error in their Internet Information Server. Anyone offering more?


I have yet to see this error in IIS. Where and how does it exist?


Sorry for not disclosing. I thought I had seen that one on bugtraq. Suppose
there is a document 'http://dummy.com/Public/Index.htm&apos; and 'Index.html' is
'C:\inetsrv\wwwroot\Public\Index.htm'. Then try getting
'http://dummy.com/Public/../../../autoexec.bat&apos; which will give you
'C:\autoexec.bat'. It seems, however, that the first directory ('Public')
will be necessary, i. e. 'http://dummy.com/../../autoexec.bat&apos; won't
work.

But now back to the Unix things.
-Thomas

--
Thomas Lopatic                               lopatic () informatik uni-muenchen de

Current thread:

HPUX expreserve == SunOS 4.13 expreserve? Matthew G. Harrigan (Jul 25)
- Re: HPUX expreserve == SunOS 4.13 expreserve? Thomas Lopatic (Jul 26)
- <Possible follow-ups>
- Re: HPUX expreserve == SunOS 4.13 expreserve? Paul Ashton (Jul 26)
- Re: HPUX expreserve == SunOS 4.13 expreserve? Matthew G. Harrigan (Jul 26)
  - Microsoft IIS '..' Problem Thomas Lopatic (Jul 26)
    - Re: Microsoft IIS '..' Problem John Ladwig (Jul 26)