Vulnerability Development mailing list archives
Re: [unicode / iis4]
From: Marco van Berkum <m.v.berkum () obit nl>
Date: Thu, 11 Jan 2001 09:35:13 +0100
"Wertheimer, Ishai" wrote:
Here is an example: When trying to figure out directory I'm going to I tried IDQ extension and got: File E:\Somedirectory\docroot\msadc\..\..\..\..\..\..\..\..\..\..\winnt\system32\ test.idq
???????? First of all you say that with IDQ you get this: E:\Somedirectory\docroot\msadc\..\..\..\..\..\..\..\..\..\..\winnt\system32\test.idq I find this hard to believe since NT will never show you \..\..\ kinda traversal chars (they filter these NON unicode encoded chars out, unicode would be ../..\..), and another point is that the msadc directory is NOT after document_root directory but it is on c:\program files\common files\system\msadc and another point is that winnt\system32 will not be found on drive E: (at least not with normal installation).
So msadc directory isn't always directing to sysroot.
It is. grtz, Marco van Berkum -- Sex is like hacking. You get in, you get out, and you hope you didn't leave something behind that can be traced back to you. Marco van Berkum, System Operator/Security Analyst OBIT b.v. RIPEHANDLE: MB17300-RIPE
Current thread:
- Re: [unicode / iis4] white hat eagle (Jan 07)
- <Possible follow-ups>
- Re: [unicode / iis4] Tim H (Jan 08)
- Re: [unicode / iis4] Marco van Berkum (Jan 09)
- Re: [unicode / iis4] Ryan Yagatich (Jan 09)
- Re: [unicode / iis4]PLEASE HELP ME. Fabrizio Siciliano (Jan 24)
- Re: [unicode / iis4] Wertheimer, Ishai (Jan 10)
- Re: [unicode / iis4] Marco van Berkum (Jan 11)
- Re: [unicode / iis4] Wertheimer, Ishai (Jan 11)