Today I was browsing the Internet when I came across a server that would not let me view the contents of the root dir. However, it did let me view the contents of a dir within it's root dir. So I tried the following: http://>/<dir i can browse>../ And for some reason it allowed me to view the root dir and all of its contents. Anyone else have this problem? I submit the following example. First, go to http://backbone.sourceforge.com now, go to http://backbone.sourceforge.net/mrtg-2.8.12/.. (Don't forget the '..'s) I know the server log's it as viewing the readable dir plus the /.. and that files within the root dir, once exposed via the '..', may have a problem with being downloaded. That is easily circumvented via adding in the file name after .. (ex: http:// >/<dir>/../<file> russ ================================== Russell Handorf oooo, shiney ::Wanders after it:: www.russells-world.com www.inside-aol.com www.terrorists.net www.bad-mother-fucker.org www.philly2600.net "Computer games don't affect kids, I mean if Pacman affected us as kids, we'd all be running around in darkened rooms, munching pills and listening to repetitive music." ~unknown ==================================
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 11:37:35 PST