Re: Apache HTTPD's magical behavior

From: Ryan Yagatich (ryanyat_private)
Date: Fri Nov 30 2001 - 11:55:41 PST


    Russell:
    	I'm sorry if there is any confusion, however these 2 URLs are 
    different. backbone.sourceforge.com is redirected to 'sourceforge.net' and 
    backbone.sourceforge.net has directory browsing available anyways. By 
    attempting to access: backbone.sourceforge.com/mrtg-2.8.12/ I get a 404. 
    When trying to access backbone.sourceforge.net/mrtg-2.8.12/ I show up with 
    "Index of...."
    
    When attempting to add .. to the directory, obviously I get 
    backbone.sourceforge.net's directory because it's browseable anyways.
    
    Could you please explain further on any other findings?
    
    Thanks,
    Ryan Yagatich
    
    
    
    
    On Fri, 30 Nov 2001, Russell Handorf wrote:
    
    -Today I was browsing the Internet when I came across a server that would 
    -not let me view the contents of the root dir.
    -
    -However, it did let me view the contents of a dir within its root dir. So 
    -I tried the following:
    -
    -http://>/<dir i can browse>../
    -
    -And for some reason it allowed me to view the root dir and all of its contents.
    -
    -Anyone else have this problem?
    -
    -I submit the following example.
    -
    -First, go to
    -
    -http://backbone.sourceforge.com
    -
    -now, go to
    -
    -http://backbone.sourceforge.net/mrtg-2.8.12/..		(Don't forget the '..'s)
    -
    -I know the server logs it as viewing the readable dir plus the /.. and 
    -that files within the root dir, once exposed via the '..', may have a 
    -problem with being downloaded. That is easily circumvented via adding in 
    -the file name after .. (ex: http://>/<dir>/../<file>)
    -
    -
    -russ
    -==================================
    -Russell Handorf
    -oooo, shiney ::Wanders after it::
    -
    -www.russells-world.com
    -www.inside-aol.com
    -www.terrorists.net
    -www.bad-mother-fucker.org
    -www.philly2600.net
    -
    -"Computer games don't affect kids, I mean if Pacman affected us as kids, 
    -we'd all be running around in darkened rooms, munching pills and listening 
    -to repetitive music." ~unknown
    -==================================
    -
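Added example, not part of either message: a log check that resolves the `..` segments in each logged request (RFC 3986 section 5.2.4) and reports requests that end up above the directory they name, so the resolved path can be compared with what is meant to be browseable. It assumes the access log is in Common Log Format and records the request line as sent; the log lines and the names `resolve`, `ascends` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache Common Log Format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Nov/2001:11:40:01 -0800] "GET /mrtg-2.8.12/ HTTP/1.0" 200 2310
192.0.2.10 - - [30/Nov/2001:11:40:09 -0800] "GET /mrtg-2.8.12/.. HTTP/1.0" 200 5120
192.0.2.10 - - [30/Nov/2001:11:40:15 -0800] "GET /mrtg-2.8.12/../index.html HTTP/1.0" 200 844
192.0.2.11 - - [30/Nov/2001:11:41:02 -0800] "GET /docs/%2e%2e/private/ HTTP/1.0" 403 210
192.0.2.12 - - [30/Nov/2001:11:42:30 -0800] "GET /docs/./img/../a.png HTTP/1.0" 200 9001
"""

REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def resolve(path):
    """Collapse '.' and '..' segments as in RFC 3986 section 5.2.4."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    resolved = "/" + "/".join(out)
    # Keep the trailing slash when the path ended on a directory.
    if out and path.endswith(("/", "/.", "/..")):
        resolved += "/"
    return resolved

def ascends(target):
    """Resolved path if '..' lifts the request above the first directory
    it names, otherwise None."""
    decoded = unquote(target.split("?", 1)[0])  # catches %2e%2e as well
    segs = [s for s in decoded.split("/") if s and s != "."]
    if ".." not in segs:
        return None
    resolved = resolve(decoded)
    inside = (resolved.rstrip("/") + "/").startswith("/" + segs[0] + "/")
    return None if inside else resolved

def scan(log_text):
    """Return (raw target, resolved path, status) for each ascending request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m and (resolved := ascends(m["target"])) is not None:
            hits.append((m["target"], resolved, int(m["status"])))
    return hits

if __name__ == "__main__":
    for raw, resolved, status in scan(SAMPLE_LOG):
        print(f"{status}  {raw}  ->  {resolved}")
```

A 200 on a reported line means the server answered for the resolved path, which is the one to check against the intended directory listing policy.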
    


