The old "." problem

From: nblasgenat_private
Date: Wed Oct 13 1999 - 15:31:02 PDT

Next message: Luca Berra: "Re: Security of "Virtual Network Computer""

Previous message: Finjan Software (by way of Tim Wieneke
Next in thread: David Zverina: "Re: The old "." problem"
Reply: David Zverina: "Re: The old "." problem"
Reply: S.Faust: "Re: The old "." problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A while back there was the problem of Windows HTTP servers with CGI and
other sever parsed pages (ASF, SMX, etc) if you added a "." to the end it
would give you the raw code in TEXT format.  I understand how that was a
security problem.

Just noticed that the same problem is true for at least one Windows FTP
server, Serv-U.  I can't find a problem with being able to request files
with a extra "." at the end.  I was unable to test the idea of downloading
files that I had no permissions too.

Nicholas Blasgen
Refract, LLC

Next message: Luca Berra: "Re: Security of "Virtual Network Computer""
Previous message: Finjan Software (by way of Tim Wieneke
Next in thread: David Zverina: "Re: The old "." problem"
Reply: David Zverina: "Re: The old "." problem"
Reply: S.Faust: "Re: The old "." problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:31 PDT