Simply put, Cmd.exe is different than Command.com. Notice the header on your
W2K machine when you start/run/cmd vs command. Command.com is a 16-bit
command interpreter program. Cmd.exe is a 32-bit win32 application. Notice
long file/directory name handling between the two by experimenting with 'cd'
command.

HTH

Shane

> -----Original Message-----
> From: Jim Nanney [mailto:jnanneyat_private]
> Sent: Tuesday, February 05, 2002 4:29 PM
> To: Strumpf Noir Society
> Cc: vuln-devat_private
> Subject: Re: directory traversal
>
>
> I'm just a lurker here, but a simple thought...
>
> I saw this and thought well it probably has to do with
> cmd.exe of win2k
>
> On my win2k machine using cmd.exe:
> ************************************
>
> C:\>cd winnt\system32\drivers
>
> C:\WINNT\system32\drivers>cd \...\
>
> C:\>
>
> on my win98 machine using command.com
> *************************************
>
> C:\>cd windows\system32\drivers
>
> C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\
> Bad command or file name
>
> C:\WINDOWS\SYSTEM32\DRIVERS>
>
> Can't give you reasons why, but given the little information
> supplied I would bet it would be system calls opening a shell
> and thus the reason for the /.../ working on win2k and not 98.
>
> --Jim Nanney
>
>
> On Tue, 5 Feb 2002, Strumpf Noir Society wrote:
>
> > Hi,
> >
> > Does anyone know any reasons why a good ol' "triple dot" directory
> > traversal ("/.../") would succeed on Win2k only and not for example on
> > Win9x systems running the exact same application and configuration?
> >
> > Much obliged :)
> >
> > Thejian
> >
> > --
> > Best regards,
> > Strumpf Noir Society mailto:vuln-devat_private
> >
> >
> > "Mere accumulation of observational evidence is not proof."
> >
> > -- Death, "The Hogfather"
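An added example, not part of the original messages: since the thread shows the same "\...\" path being interpreted differently by two systems, an application can refuse any path segment made up only of dots before the path reaches the operating system, so its behaviour does not depend on which interpreter or platform resolves it. The function names and sample paths are constructed for illustration, and the input is assumed to be already decoded and relative to the application's root.

```python
import re

SEPARATORS = re.compile(r"[\\/]+")                    # treat "/" and "\" alike
DRIVE_OR_UNC = re.compile(r"^(?:[A-Za-z]:|[\\/]{2})")  # "C:..." or "\\server"


def dot_only_segments(path):
    """Return every segment that is nothing but dots: '.', '..', '...', ..."""
    return [s for s in SEPARATORS.split(path) if s and re.fullmatch(r"\.+", s)]


def check_request_path(path):
    """Return (allowed, reason) for a decoded, application-relative path."""
    if "\x00" in path:
        return False, "NUL byte"
    if DRIVE_OR_UNC.match(path):
        return False, "absolute drive or UNC path"
    bad = dot_only_segments(path)
    if bad:
        # Rejected outright rather than normalised: the thread shows that
        # platforms disagree on what a segment like "..." resolves to.
        return False, "dot-only segment " + repr(bad[0])
    return True, "ok"


# Constructed sample inputs (not taken from any real log).
SAMPLES = [
    "docs/readme.txt",
    "/.../",
    "\\...\\",
    "images\\..\\..\\boot.ini",
    "notes...txt",
    "C:\\WINNT\\system32",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        allowed, reason = check_request_path(sample)
        print(f"{sample!r:32} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

Dots inside a file name ("notes...txt") are left alone; only whole segments consisting of dots are refused.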
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 15:33:35 PST