Vulnerability Development mailing list archives
Re: directory traversal
From: Piyush Agarwal <pvagarwal () yahoo com>
Date: Wed, 6 Feb 2002 10:30:34 -0800 (PST)
On Win 2k (running cmd.exe) C:\>cd winnt C:\WINNT>cd system32 C:\WINNT\system32>cd \...\ C:\> On same machine (now running Command.com) C:\>cd winnt C:\WINNT>cd system32 C:\WINNT\SYSTEM32>cd \...\ Invalid directory C:\WINNT\SYSTEM32> So u can see that on Win2K the triple dot traversal works in cmd.exe but not in command.com......anyone wanting to dig deeper in this ?? :-) - Piyush Agarwal --- Jim Nanney <jnanney () datasync com> wrote:
I'm just a lurker here, but a simple thought... I saw this and thought well it probably has to do with cmd.exe of win2k On my win2k machine using cmd.exe: ************************************ C:\>cd winnt\system32\drivers C:\WINNT\system32\drivers>cd \...\ C:\> on my win98 machine using command.com ************************************* C:\>cd windows\system32\drivers C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\ Bad command or file name C:\WINDOWS\SYSTEM32\DRIVERS> Can't give you reasons why, but given the little information supplied I would bet it would be system calls opening a shell and thus the reason for the /.../ working on win2k and not 98. --Jim Nanney
__________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com
Current thread:
- directory traversal Strumpf Noir Society (Feb 05)
- Message not available
- Re[2]: directory traversal Strumpf Noir Society (Feb 05)
- Message not available
- Re: directory traversal Jim Nanney (Feb 05)
- Re: directory traversal Philip Rowlands (Feb 06)
- Re: directory traversal Piyush Agarwal (Feb 06)
- <Possible follow-ups>
- RE: directory traversal Shane Miller (Feb 05)
- RE: directory traversal Levenglick, Jeff (Feb 06)
- RE: directory traversal Piyush Agarwal (Feb 07)
- Re: directory traversal Robert Collins (Feb 07)
- Re: directory traversal Steve (Feb 07)
- Re: directory traversal Michel Arboi (Feb 14)
- RE: directory traversal Piyush Agarwal (Feb 07)
- Re: directory traversal Robert Collins (Feb 07)
- Re: directory traversal Steve (Feb 07)