Well this is IIS 5.0's response to a request for an HTML file with \ appended:

-----------------------------------------------------------------
GET /default.htm\ HTTP/1.0

HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Fri, 03 Aug 2001 11:58:37 GMT
Content-Length: 3252
Content-Type: text/html

<snip>
-----------------------------------------------------------------

Two things to look at here, default.htm does exist and the webserver
reports the file is not found. The Content-Type is therefore text/html
because it is spitting out the default MS 404 page. Here is the server's
response to the request without the \:

-----------------------------------------------------------------
GET /default.htm HTTP/1.0

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 03 Aug 2001 12:07:25 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 20 Feb 2001 10:35:10 GMT
ETag: "70fbd2cc289bc01:ab8"
Content-Length: 846

<snip>
------------------------------------------------------------------

And here is IIS 4.0's response to a request for an HTML file with \
appended:

-----------------------------------------------------------------
GET /Default.htm\ HTTP/1.0

HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/4.0
Date: Fri, 03 Aug 2001 12:11:28 GMT
Content-Length: 461
Content-Type: text/html

<snip>
-----------------------------------------------------------------

Here is the response of the same server without appending the \:

-----------------------------------------------------------------
GET /Default.htm HTTP/1.0

HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Fri, 03 Aug 2001 12:11:37 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 12 Jun 2001 15:53:47 GMT
ETag: "2ec4a9dd57f3c01:104f"
Content-Length: 11770

<snip>
-----------------------------------------------------------------

On Fri, 3 Aug 2001, Michel Arboi wrote:

> --- "Stanley G. Bubrouski" <stanat_private> wrote:
> > I can. It is called normal dumb browser behaviour
>
> No. This behaviour does not come from the browser. Try to telnet to
> some IIS web server, send it a GET or a HEAD request on /index.htm and
> /index.htm/ and see how the content type changes from "text/html" to
> "application/octet-stream".
> The server is doing this.
> BTW, this works with \ or / too.
>

Well actually yeah it does. Older versions of Netscape are broken. Set
up the same environment the user who reported this had and you will see
Netscape is incorrectly changing the mime-type, not the server.
Sometimes servers do change the content-type of requested files but this
is not a default behaviour of IIS 4/5/6, it is caused by misconfiguration
and by some add-ons/extensions to the server which are inherently
broken, but again I do not believe that is the case here.

> > not big webserver security hole.
>
> Well, I could not download any ASP with this. I did not try other
> extensions.

Why bother, you think nobody else has tried? :P

>
> > The reason the file was downloaded is because netscape is
> > stupid.
>
> No the reason is that IIS is buggy. Not a big bug apparently, but
> something dirty.
>

IIS isn't just buggy, it's dangerous. But the blame needs to go where it
belongs. Old Netscape browsers.

> > /index.html/ which could be a valid directory...the webserver
> > however did remove the slash.
>
> It removed the slash but somehow decided that the extension of the URI
> was "html/". "htm" or "html" should be sent as "text/html", but it has
> no rule for "html/"; so it reverts to the default
> "application/octet-stream" type.
> Just my 0.02 EUR
>

No. First of all the default mime-type is text/html; if it is
application/octet-stream the default has been modified. And in Windows
filenames cannot contain a '/' so if IIS receives a request that ends in
a '/' it assumes the characters preceding it are a directory. IIS
versions after 3.0 allow directories to have names like document.doc, so
appending a slash returns not found if you append it to a filename:

-------------------------------------------------------------------
GET /default.htm/ HTTP/1.0

HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Fri, 03 Aug 2001 12:14:19 GMT
Content-Length: 3252
Content-Type: text/html
-------------------------------------------------------------------

/default.htm exists but by adding a slash IIS is looking for a directory
named /default.htm/ and it is not found so it doesn't work.

> > > hypoclear
> > I love that name, I'm making a nameplate and putting it on my door.
>
> Could we have a discount if we buy several at once? :)

Absolutely not. :P

>
>
> ___________________________________________________________
> Do You Yahoo!? -- Your photo albums online,
> Yahoo! Photos : http://fr.photos.yahoo.com
>

-Stan

--
Stan Bubrouski                                       stanat_private
23 Westmoreland Road, Hingham, MA 02043        Cell: (617) 835-3284
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 10:43:22 PDT
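An added example, not part of the original message: one way to settle the "server or browser" question from captured headers alone is to compare each trailing `/` or `\` request with the capture for the bare path. The `/default.htm` captures are abridged from the transcripts in the message; the `/index.htm` pair is constructed to model the behaviour described in the quoted reply, and the function names are hypothetical.

```python
import re
# /default.htm captures: abridged from the message above (IIS 5.0).
# /index.htm captures: CONSTRUCTED, modelling the quoted reply's description.
CAPTURES = r"""
GET /default.htm HTTP/1.0
HTTP/1.1 200 OK
Content-Type: text/html
=====
GET /default.htm\ HTTP/1.0
HTTP/1.1 404 Object Not Found
Content-Type: text/html
=====
GET /default.htm/ HTTP/1.0
HTTP/1.1 404 Object Not Found
Content-Type: text/html
=====
GET /index.htm HTTP/1.0
HTTP/1.1 200 OK
Content-Type: text/html
=====
GET /index.htm/ HTTP/1.0
HTTP/1.1 200 OK
Content-Type: application/octet-stream
"""

def parse_capture(text):
    """Return (path, status, content_type) for one request/response capture."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    req = re.match(r"(?:GET|HEAD) (\S+) HTTP/\d\.\d$", lines[0])
    status = re.match(r"HTTP/\d\.\d (\d{3})", lines[1])
    if not req or not status:
        raise ValueError("expected a request line followed by a status line")
    hdrs = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[2:])}
    return req.group(1), int(status.group(1)), hdrs.get("content-type", "").split(";")[0].strip().lower()

def compare_variants(captures):
    """For each path ending in / or \\, report what differs from the bare path."""
    parsed = {p: (s, t) for p, s, t in map(parse_capture, captures.split("====="))}
    findings = {}
    for path, (status, ctype) in parsed.items():
        bare = path.rstrip("/\\")
        if path == bare or bare not in parsed:
            continue  # not a trailing-separator variant, or no baseline captured
        b_status, b_type = parsed[bare]
        if status != b_status:
            findings[path] = f"status {b_status} -> {status}"
        elif ctype != b_type:
            findings[path] = f"Content-Type {b_type} -> {ctype}"
    return findings
```

A `status` finding means the server treated the variant as a different object; a `Content-Type` finding with an unchanged status means the type change came from the server rather than the client.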