Bugtraq mailing list archives
Re: shtml.exe reveal local path of IIS web directory
From: smiler () VXD ORG (SMILER)
Date: Mon, 8 May 2000 01:20:35 +0100
I tested this in WIN NT 4.0 and it also reveals the local path of the IIS web directory.

-----Original Message-----
From: Frankie Zie <root () CNNS NET>
To: BUGTRAQ () SECURITYFOCUS COM <BUGTRAQ () SECURITYFOCUS COM>
Date: Sunday, 7 May 2000 22:08
Subject: shtml.exe reveal local path of IIS web directory

I found there is a security problem with shtml.exe that allows anyone to explore the local path of the IIS web server. Tested on Windows 2000 server.

shtml.exe is a program issued with FrontPage Extension server for viewing smart HTML files. If we install FrontPage on Windows 2000 server, a directory named "/_vti_bin" will be installed in the web root directory. Normally we can view an HTML file or SHTML file by the following method:

http://210.145.32.98/_vti_bin/shtml.exe/postinfo.html

shtml.exe only accepts html, shtml or htm files. If the requested file does not exist, we will get the local path of the web directory:

http://207.69.190.42/_vti_bin/shtml.exe/postinfo1.html

We get the following message:

Cannot open "d:\inetpub\wwwroot\postinfo1.html": no such file or folder.

By the way, if we request a file that does not exist and the file name extension is not html, shtml or asp, such as http://207.69.190.42/_vti_bin/shtml.exe/postinfo1.exe, we'll get a different message:

Cannot run the FrontPage Server Extensions' Smart HTML interpreter on this non-HTML page: "postinfo1.exe"
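
Added example, not part of either post: a check a server owner could run over captured response bodies from their own site to tell the two error messages quoted above apart, report any absolute path that leaks, and redact it before the body is logged or relayed. The function names, the www.example.test URLs and the idea of filtering the output are assumptions; the sample bodies are constructed from the messages quoted in the post.

```python
import re

# "Cannot open" error from the post: carries an absolute Windows path.
PATH_LEAK = re.compile(r'Cannot open "([A-Za-z]:\\[^"\r\n]*)"')
# Second error from the post: names only the requested file, no local path.
NON_HTML = re.compile(r"Cannot run the FrontPage Server Extensions' Smart HTML "
                      r'interpreter on this non-HTML page: "([^"\r\n]*)"')

def classify(body):
    """Return (verdict, detail) for one HTTP response body."""
    m = PATH_LEAK.search(body)
    if m:
        return "path-disclosed", m.group(1)
    m = NON_HTML.search(body)
    if m:
        return "no-path", m.group(1)
    return "clean", None

def web_root(leaked_path):
    """Directory part of the leaked path, i.e. what the error gives away."""
    return leaked_path.rsplit("\\", 1)[0]

def redact(body):
    """Keep the file name but drop the directory from the error text."""
    return PATH_LEAK.sub(
        lambda m: 'Cannot open "%s"' % m.group(1).rsplit("\\", 1)[-1], body)

def audit(responses):
    """responses: iterable of (url, body); returns one finding per leak."""
    findings = []
    for url, body in responses:
        verdict, detail = classify(body)
        if verdict == "path-disclosed":
            findings.append({"url": url, "path": detail,
                             "root": web_root(detail)})
    return findings

# Constructed samples (hypothetical host, bodies taken from the post's text).
SAMPLES = [
    ("http://www.example.test/_vti_bin/shtml.exe/postinfo1.html",
     'Cannot open "d:\\inetpub\\wwwroot\\postinfo1.html": no such file or folder.'),
    ("http://www.example.test/_vti_bin/shtml.exe/postinfo1.exe",
     "Cannot run the FrontPage Server Extensions' Smart HTML interpreter "
     'on this non-HTML page: "postinfo1.exe"'),
    ("http://www.example.test/index.html", "<html><body>ok</body></html>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding["url"], "leaks web root", finding["root"])
```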