Re: Apache HTTPD's magical behavior

[Russell Handorf <rhandorf () mail russells-world com>]

as it turns out the servers i tried this against had a miss-configuration.

when i was working on this with other people, on their log's it showed that 
i was accessing the dir that was before the '..'

a miss config in their httpd.conf file was corrected, and the problem solved.

sorry for the confusion :)

russ

At 02:55 PM 11/30/2001 -0500, you wrote:
> Russell:
>         I'm sorry if there is any confusion, however these 2 URL's are
> different. backbone.sourceforge.com is redirected to 'sourceforge.net'and
> backbone.sourceforge.net has directory browsing available anyways. by
> attempting to access: backbone.sourceforge.com/mrtg-2.8.12/ I get a 404.
> when trying to access backbone.sourceforge.net/mrtg-2.8.12/ I show up with
> "Index of...."
>
> when attempting to add .. to the directory, obviously i get
> backbone.sourceforge.net's directory because its browseable anyways.
>
> Could you please explain further on any other findings?
>
> Thanks,
> Ryan Yagatich
>
>
>
>
> On Fri, 30 Nov 2001, Russell Handorf wrote:
>
> -Today I was browsing the Internet when I came across a server that would
> -not let me view the contents of the root dir.
> -
> -However, it did let me view the contents of a dir within it's root dir. So
> -I tried the following:
> -
> -http://<server>/<dir i can browse>../
> -
> -And for some reason it allowed me to view the root dir and all of its 
> contents.
> -
> -Anyone else have this problem?
> -
> -I submit the following example.
> -
> -First, go to
> -
> -http://backbone.sourceforge.com
> -
> -now, go to
> -
> -http://backbone.sourceforge.net/mrtg-2.8.12/..         (Don't forget the 
> '..'s)
> -
> -I know the server log's it as viewing the readable dir plus the /..    and
> -that files within the root dir, once exposed via the '..', may have a
> -problem with being downloaded. That is easily circumvented via adding in
> -the file name after .. (ex: http://<Server>/<dir>/../<file>
> -
> -
> -russ
> -==================================
> -Russell Handorf
> -oooo, shiney ::Wanders after it::
> -
> -www.russells-world.com
> -www.inside-aol.com
> -www.terrorists.net
> -www.bad-mother-fucker.org
> -www.philly2600.net
> -
> -"Computer games don't affect kids, I mean if Pacman affected us as kids,
> -we'd all be running around in darkened rooms, munching pills and listening
> -to repetitive music." ~unknown
> -==================================
> -

==================================
Russell Handorf
oooo, shiney ::Wanders after it::

www.russells-world.com
www.inside-aol.com
www.terrorists.net
www.bad-mother-fucker.org
www.philly2600.net

"Computer games don't affect kids, I mean if Pacman affected us as kids, 
we'd all be running around in darkened rooms, munching pills and listening 
to repetitive music." ~unknown
==================================