On 2 Aug 2001, hypoclear wrote:

> I posted this to bugtraq, but I'm not sure if it
> will be posted, so I will post here too...

It won't be. If this was posted to Bugtraq I would expect the next event to occur would be hell freezing over and the end of the world.

>
> ---
> I recently viewed a web page on a server running
> IIS 4.0 and accidentally appended a \
> after the URL. This to my surprise caused the page
> to download. This occurred under
> Netscape 4.6 (IE5 appears to ignore the \). I was
> wondering if anyone else could
> confirm this behavior. It is not my server so I

I can. It is called normal dumb browser behaviour, not big webserver security hole. You want a hole, dig one, you are going nowhere with this.

> cannot do extensive testing on it, so I'm
> bringing it to the community. The file that
> downloaded was a .html file, however I am
> curious if appending a \ has the possibility of
> downloading .asp's or .cgi's. If that was

Why not try it? You'd see that it doesn't work. The only time appending characters to the end of an ASP would download it would be if the person was running IIS 4.0 and the ASP resided on a mapped drive and the admin didn't install a patch from way back in 98. I doubt that is the case here. The reason the file was downloaded is because Netscape is stupid. End of story. IE didn't download the file not because it ignored the slash...when you add a slash it assumes you want the directory /index.html/ which could be a valid directory...the webserver however did remove the slash.

> true it would be a definite security hole. Email
> me hypoclearat_private or the list with
> any findings.
>

Good call.

> hypoclear
>

I love that name, I'm making a nameplate and putting it on my door.

-Stan

--
Stan Bubrouski stanat_private
23 Westmoreland Road, Hingham, MA 02043
Cell: (617) 835-3284

This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 20:51:28 PDT