RE: IIS 4.0 leaking files?

From: Colby Marks (Colbyat_private)
Date: Thu Aug 02 2001 - 17:22:00 PDT

  • Next message: Frederic.Raynalat_private: "format string builder howto v0.1"

    I could not reproduce this on IE 5.5 Win2k Svr or Netscape 4.7
    I tested asp files on IIS5 SP2 and IIS5 SP1 win2k Svr.
    
    -Colby
    
    -----Original Message-----
    From: hypoclearat_private [mailto:hypoclearat_private]
    Sent: Thursday, August 02, 2001 2:46 PM
    To: vuln-devat_private
    Subject: IIS 4.0 leaking files?
    
    
    I posted this to bugtraq, but I'm not sure if it 
    will be posted, so I will post here too...
    
    ---
    I recently viewed a web page on a server running 
    IIS 4.0 and accidently appended a \
    after the url. This to my suprise caused the page 
    to download. This occured under
    Netscape 4.6 (IE5 appears to ignore the \). I was 
    wondering if anyone else could
    confirm this behavior. It is not my server so I 
    cannot do extensive testing on it, so I'm
    bringing it to the community. The file that 
    downloaded was a .html file, however I am
    curious if appending a \ has the possibility of 
    downloading .asp's or .cgi's. If that was
    true it would be a definite security hole. Email 
    me hypoclearat_private or the list with
    any findings.
    
    hypoclear
    



    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 20:53:53 PDT