Vulnerability Development mailing list archives
Re: directory traversal
From: Jim Nanney <jnanney () datasync com>
Date: Tue, 5 Feb 2002 16:28:31 -0600 (CST)
I'm just a lurker here, but a simple thought... I saw this and thought well it probably has to do with cmd.exe of win2k On my win2k machine using cmd.exe: ************************************ C:\>cd winnt\system32\drivers C:\WINNT\system32\drivers>cd \...\ C:\> on my win98 machine using command.com ************************************* C:\>cd windows\system32\drivers C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\ Bad command or file name C:\WINDOWS\SYSTEM32\DRIVERS> Can't give you reasons why, but given the little information supplied I would bet it would be system calls opening a shell and thus the reason for the /.../ working on win2k and not 98. --Jim Nanney On Tue, 5 Feb 2002, Strumpf Noir Society wrote:
Hi,
Does anyone know any reasons why a good ol' "triple dot" directory
traversal ("/.../") would succeed on Win2k only and not for
example on Win9x systems running the exact same application and
configuration?
Much obliged :)
Thejian
--
Best regards,
Strumpf Noir Society mailto:vuln-dev () labs secureance com
"Mere accumulation of observational evidence is not proof."
-- Death, "The Hogfather"
Current thread:
- directory traversal Strumpf Noir Society (Feb 05)
- Message not available
- Re[2]: directory traversal Strumpf Noir Society (Feb 05)
- Message not available
- Re: directory traversal Jim Nanney (Feb 05)
- Re: directory traversal Philip Rowlands (Feb 06)
- Re: directory traversal Piyush Agarwal (Feb 06)
- <Possible follow-ups>
- RE: directory traversal Shane Miller (Feb 05)
- RE: directory traversal Levenglick, Jeff (Feb 06)
- RE: directory traversal Piyush Agarwal (Feb 07)
- Re: directory traversal Robert Collins (Feb 07)
- Re: directory traversal Steve (Feb 07)
- Re: directory traversal Michel Arboi (Feb 14)
- RE: directory traversal Piyush Agarwal (Feb 07)