Bugtraq mailing list archives

Re: Perl.exe and IIS security advisory

From: twells () SHORE NET (Tabor J. Wells)
Date: Sun, 24 Jan 1999 20:23:40 -0500


On Fri, Jan 22, 1999 at 08:58:33PM -0000,
mnemonix <mnemonix () GLOBALNET CO UK> is thought to have said:

In all versions of IIS, where a  website has been configured to interpret
perl scripts using the perl executable (perl.exe), a problem exists where a
request for a non-existent file will return the physical location on a disk
of a web directory. A request for:

http://www.server.com/scripts/no-such-file.pl


I really wish people wouldn't do this. www.server.com is a legitimate
site (it's hosted on my network) and they certainly don't run IIS.

Tabor
Shore.Net
--
___________________________________________________________________________
Tabor J. Wells                                             twells () shore net
Systems Administration Manager  Just another victim of the ambient morality
Shore.Net  --  High quality Internet access and hosting services since 1993

Current thread:

Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- - Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
    - Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
    - linux crashes irix6.3 Philipp Schott (Jan 22)
    - Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)
    - CERT Advisory CA-99.01 - TCP.Wrappers (fwd) //Stany (Jan 22)
    - Misleading CERT Advisory CA-99-01-Trojan-TCP-Wrappers Jochen Thomas Bauer (Jan 22)
    - Follow up - IIS 4 logging mnemonix (Jan 23)
- WebRamp M3 remote network access bug John Stanley (Jan 21)
  - Re: WebRamp M3 remote network access bug James Egelhof (Jan 21)
  - Perl.exe and IIS security advisory mnemonix (Jan 22)
    - Re: Perl.exe and IIS security advisory Tabor J. Wells (Jan 24)
    - Repost: Wietse's FTP site has moved Wietse Venema (Jan 25)
    - Using Example Domain Names in Exploits bandregg () REDHAT COM (Jan 25)
    - IIS Advisory Update Marc (Jan 24)
- backdoored tcp wrapper source code Wietse Venema (Jan 21)
  - Re: backdoored tcp wrapper source code John Stange (Jan 23)
    - SSH 1.x and 2.x Daemon KuRuPTioN (Jan 23)
    - Re: SSH 1.x and 2.x Daemon Jan B. Koum (Jan 24)
    - Re: SSH 1.x and 2.x Daemon Linux Mailing Lists (Jan 25)
    - Re: SSH 1.x and 2.x Daemon KuRuPTioN (Jan 25)
    - Re: SSH 1.x and 2.x Daemon Alan Olsen (Jan 24)

(Thread continues...)