Re: Apache HTTPD's magical behavior

From: Russell Handorf (rhandorfat_private-world.com)
Date: Fri Nov 30 2001 - 12:21:05 PST


    as it turns out the servers i tried this against had a misconfiguration.
    
    when i was working on this with other people, on their logs it showed that 
    i was accessing the dir that was before the '..'
    
    a misconfig in their httpd.conf file was corrected, and the problem solved.
    
    sorry for the confusion :)
    
    russ
    
    At 02:55 PM 11/30/2001 -0500, you wrote:
    >Russell:
    >         I'm sorry if there is any confusion, however these 2 URLs are
    >different. backbone.sourceforge.com is redirected to 'sourceforge.net' and
    >backbone.sourceforge.net has directory browsing available anyways. by
    >attempting to access: backbone.sourceforge.com/mrtg-2.8.12/ I get a 404.
    >when trying to access backbone.sourceforge.net/mrtg-2.8.12/ I show up with
    >"Index of...."
    >
    >when attempting to add .. to the directory, obviously i get
    >backbone.sourceforge.net's directory because it's browsable anyways.
    >
    >Could you please explain further on any other findings?
    >
    >Thanks,
    >Ryan Yagatich
    >
    >
    >
    >
    >On Fri, 30 Nov 2001, Russell Handorf wrote:
    >
    >-Today I was browsing the Internet when I came across a server that would
    >-not let me view the contents of the root dir.
    >-
    >-However, it did let me view the contents of a dir within its root dir. So
    >-I tried the following:
    >-
    >-http://>/<dir i can browse>../
    >-
    >-And for some reason it allowed me to view the root dir and all of its
    >-contents.
    >-
    >-Anyone else have this problem?
    >-
    >-I submit the following example.
    >-
    >-First, go to
    >-
    >-http://backbone.sourceforge.com
    >-
    >-now, go to
    >-
    >-http://backbone.sourceforge.net/mrtg-2.8.12/..         (Don't forget the '..'s)
    >-
    >-I know the server logs it as viewing the readable dir plus the /..    and
    >-that files within the root dir, once exposed via the '..', may have a
    >-problem with being downloaded. That is easily circumvented via adding in
    >-the file name after .. (ex: http://>/<dir>/../<file>)
    >-
    >-
    >-russ
    >-==================================
    >-Russell Handorf
    >-oooo, shiney ::Wanders after it::
    >-
    >-www.russells-world.com
    >-www.inside-aol.com
    >-www.terrorists.net
    >-www.bad-mother-fucker.org
    >-www.philly2600.net
    >-
    >-"Computer games don't affect kids, I mean if Pacman affected us as kids,
    >-we'd all be running around in darkened rooms, munching pills and listening
    >-to repetitive music." ~unknown
    >-==================================
    >-
    
    ==================================
    Russell Handorf
    oooo, shiney ::Wanders after it::
    
    www.russells-world.com
    www.inside-aol.com
    www.terrorists.net
    www.bad-mother-fucker.org
    www.philly2600.net
    
    "Computer games don't affect kids, I mean if Pacman affected us as kids, 
    we'd all be running around in darkened rooms, munching pills and listening 
    to repetitive music." ~unknown
    ==================================
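
An added example, not code from either poster: because the access log records the request path as sent (the readable dir plus the '..'), this script resolves each logged path to the location it actually addresses and lists successful requests that contained a '..' segment. The log lines, client addresses, `notes.txt` and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed Common Log Format lines; only the /mrtg-2.8.12/.. request
# shape comes from the thread, everything else is made up for the example.
SAMPLE_LOG = """\
192.0.2.10 - - [30/Nov/2001:12:01:05 -0800] "GET /mrtg-2.8.12/ HTTP/1.0" 200 2310
192.0.2.10 - - [30/Nov/2001:12:01:09 -0800] "GET /mrtg-2.8.12/.. HTTP/1.0" 200 4102
192.0.2.10 - - [30/Nov/2001:12:01:15 -0800] "GET /mrtg-2.8.12/../notes.txt HTTP/1.0" 200 512
192.0.2.44 - - [30/Nov/2001:12:02:40 -0800] "GET /docs/%2e%2e/ HTTP/1.0" 403 289
192.0.2.44 - - [30/Nov/2001:12:03:02 -0800] "GET /index.html HTTP/1.0" 200 1024
"""

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def effective_path(raw_path):
    """Percent-decode a logged path and resolve its '.' and '..' segments,
    approximating the location the server ends up mapping it to."""
    path = unquote(raw_path.split("?", 1)[0])
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()              # step up one level, never above the root
        elif seg not in ("", "."):
            out.append(seg)
    trailing = path.endswith(("/", "/..", "/."))
    return "/" + "/".join(out) + ("/" if out and trailing else "")

def audit(log_text):
    """Return (logged path, effective path, status) for every 2xx request
    whose logged path contains a '..' segment."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        raw, status = m.group(1), int(m.group(2))
        segments = unquote(raw.split("?", 1)[0]).split("/")
        if ".." in segments and 200 <= status < 300:
            findings.append((raw, effective_path(raw), status))
    return findings

if __name__ == "__main__":
    for raw, eff, status in audit(SAMPLE_LOG):
        print(f"{status} logged={raw!r} addressed={eff!r}")
```

Any finding whose effective path is a directory that is not supposed to be browsable is a cue to review the access settings for that directory in httpd.conf.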
    



    This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 12:48:37 PST