Bugtraq mailing list archives
MS-DOS Filename/Directory Vulnerability
From: "Felipe Moniz" <fmoniz () ig com br>
Date: Thu, 16 Aug 2001 19:08:16 -0700
Hi all,

I tested this in the PWS (based on IIS 4) and it worked. I created a file called "clientlist2001.txt" and with client~1.txt (www.site.com/client~1.txt) I get the clientlist2001.txt without knowing the complete name of the file. The problem also occurs when I type "postin~1.htm" to access the "postinfo.html" file.

I think that it's simple but can open a range of new types of CGI attacks, depending on the web server. And it can be used to change attack signatures and evade intrusion detection.

PWS is vulnerable, IIS 4.0 and Sambar Server apparently not, but certainly other win32 web servers are vulnerable. All long filenames, directories and files with long extensions are vulnerable.

Can this be considered a simple data exposure? I think so. This access type can be dangerous, like some directory listing bugs or path disclosure.

Sorry for my English,

Regards,
Felipe Moniz
Network Security Specialist
felipemoniz () yahoo com
Rio de Janeiro, RJ - Brasil
Know about Brazil: http://www.hideaway.net/stealth/brasil.shtml
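A defender's view of the aliasing described in the post, as an added example that is not part of the original message: it derives the 8.3 alias a long name is likely to receive, so access rules and signatures can cover both spellings, and flags alias-shaped path segments in web server logs. The function names, the simplified alias rule (no collision or hash handling) and the Common Log Format sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# A path segment shaped like an 8.3 alias: 1-6 base chars, "~", digits,
# then an optional extension of at most 3 chars. A leading "~" (as in
# /~user/ home directories) does not match because the base must be non-empty.
SHORT_SEGMENT = re.compile(r"^[^~/\\. ]{1,6}~[0-9]{1,6}(\.[^./\\ ]{0,3})?$")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+)')

def short_alias(long_name, index=1):
    """Simplified first-choice 8.3 alias for a long file name (assumption:
    no collision handling; real file systems bump the index or use a hash)."""
    base, dot, ext = long_name.rpartition(".")
    if not dot:
        base, ext = long_name, ""
    def clean(part):
        part = re.sub(r"[ .]", "", part)            # spaces and extra dots are dropped
        return re.sub(r"[+,;=\[\]]", "_", part).upper()
    alias = f"{clean(base)[:6]}~{index}"
    return f"{alias}.{clean(ext)[:3]}" if ext else alias

def flag_short_name_requests(log_lines):
    """Return decoded request paths that contain an alias-shaped segment."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        # Decode percent-escapes first so an encoded "~" is still recognised.
        path = unquote(urlsplit(match.group(1)).path)
        if any(SHORT_SEGMENT.match(seg) for seg in re.split(r"[/\\]", path)):
            hits.append(path)
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2001:19:08:16 -0700] "GET /client~1.txt HTTP/1.0" 200 512',
    '192.0.2.10 - - [16/Aug/2001:19:08:20 -0700] "GET /docs/postin%7E1.htm HTTP/1.0" 200 2048',
    '192.0.2.11 - - [16/Aug/2001:19:09:02 -0700] "GET /~user/index.html HTTP/1.0" 200 1024',
    '192.0.2.12 - - [16/Aug/2001:19:09:40 -0700] "GET /clientlist2001.txt HTTP/1.0" 403 0',
]

if __name__ == "__main__":
    for name in ("clientlist2001.txt", "postinfo.html"):
        print(name, "->", short_alias(name))
    print(flag_short_name_requests(SAMPLE_LOG))
```

On Windows servers, any path-based allow or deny rule should be evaluated against the canonical long path rather than the string the client sent, since both spellings resolve to the same file.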