Russell: I'm sorry if there is any confusion, however these 2 URL's are different. backbone.sourceforge.com is redirected to 'sourceforge.net'and backbone.sourceforge.net has directory browsing available anyways. by attempting to access: backbone.sourceforge.com/mrtg-2.8.12/ I get a 404. when trying to access backbone.sourceforge.net/mrtg-2.8.12/ I show up with "Index of...." when attempting to add .. to the directory, obviously i get backbone.sourceforge.net's directory because its browseable anyways. Could you please explain further on any other findings? Thanks, Ryan Yagatich On Fri, 30 Nov 2001, Russell Handorf wrote: -Today I was browsing the Internet when I came across a server that would -not let me view the contents of the root dir. - -However, it did let me view the contents of a dir within it's root dir. So -I tried the following: - -http://>/<dir i can browse>../ - -And for some reason it allowed me to view the root dir and all of its contents. - -Anyone else have this problem? - -I submit the following example. - -First, go to - -http://backbone.sourceforge.com - -now, go to - -http://backbone.sourceforge.net/mrtg-2.8.12/.. (Don't forget the '..'s) - -I know the server log's it as viewing the readable dir plus the /.. and -that files within the root dir, once exposed via the '..', may have a -problem with being downloaded. That is easily circumvented via adding in -the file name after .. (ex: http:// >/<dir>/../<file> - - -russ -================================== -Russell Handorf -oooo, shiney ::Wanders after it:: - -www.russells-world.com -www.inside-aol.com -www.terrorists.net -www.bad-mother-fucker.org -www.philly2600.net - -"Computer games don't affect kids, I mean if Pacman affected us as kids, -we'd all be running around in darkened rooms, munching pills and listening -to repetitive music." ~unknown -================================== -
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 12:19:59 PST