What version of Serv-U did you test? On my side with the latest version ( as of 16/10/99 ) it did'nt work. Log : C:\TEMP\test>ftp slaughter Connected to slaughter. 220 Serv-U FTP-Server v2.5a for WinSock ready... User (slaughter:(none)): test 331 User name okay, need password. Password: 230 User logged in, proceed. ftp> cd test 250 Directory changed to /c:/ftp/test ftp> ls -l 200 PORT Command successful. 150 Opening ASCII mode data connection for /bin/ls. -rwx------ 1 user group 0 Oct 16 19:50 servu-ftpd-dot-test.txt 226 Transfer complete. 80 bytes received in 0.00 seconds (80000.00 Kbytes/sec) ftp> get servu-ftpd-dot-test.txt 200 PORT Command successful. 550 Permission denied. ftp> get servu-ftpd-dot-test.txt. 200 PORT Command successful. 550 Permission denied. ftp> get servu-ftpd-dot-test.txt.. 200 PORT Command successful. 550 Permission denied. ftp> get servu-ftpd-dot-test.txt....................................... 200 PORT Command successful. 550 Permission denied. ftp> ----- Original Message ----- From: <nblasgenat_private> To: <BUGTRAQat_private> Sent: Wednesday, October 13, 1999 6:31 PM Subject: The old "." problem > A while back there was the problem of Windows HTTP servers with CGI and > other sever parsed pages (ASF, SMX, etc) if you added a "." to the end it > would give you the raw code in TEXT format. I understand how that was a > security problem. > > Just noticed that the same problem is true for at least one Windows FTP > server, Serv-U. I can't find a problem with being able to request files > with a extra "." at the end. I was unable to test the idea of downloading > files that I had no permissions too. > > Nicholas Blasgen > Refract, LLC
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:44 PDT