Re: IIS 4.0 leaking files?

From: ___cliff rayman___ (cliffat_private)
Date: Thu Aug 02 2001 - 12:37:50 PDT


    hypoclear wrote:
    
    > I posted this to bugtraq, but I'm not sure if it
    > will be posted, so I will post here too.
    
    not if it is evaluated first.
    
    > ---
    > I recently viewed a web page on a server running
    > IIS 4.0 and accidentally appended a \
    > after the url. This to my surprise caused the page
    > to download. This occurred under
    
    this is standard.  everything after the last slash
    would be available to a cgi program from the
    environment variable:
    PATH-INFO
    
    >
    > Netscape 4.6 (IE5 appears to ignore the \). I was
    > wondering if anyone else could
    > confirm this behavior. It is not my server so I
    
    everyone else can - yes.
    
    >
    > cannot do extensive testing on it, so I'm
    > bringing it to the community. The file that
    > downloaded was a .html file, however I am
    > curious if appending a \ has the possibility of
    > downloading .asp's or .cgi's. If that was
    > true it would be a definite security hole. Email
    
    nope.  not unless the server were misconfigured.
    you will just get the html code spit out by the
    .asp or .cgi script
    
    >
    > me hypoclearat_private or the list with
    > any findings.
    >
    > hypoclear
    
    --
    ___cliff rayman___cliffat_private___http://www.genwax.com/
    


