I also tried it, but I think you might be missing what it is doing. It looks like it takes the cd \ and ignores everything after it. I tried cd \.\ and cd \..\ and got the same results -----Original Message----- From: Piyush Agarwal [mailto:pvagarwalat_private] Sent: Wednesday, February 06, 2002 1:31 PM To: Jim Nanney; Strumpf Noir Society Cc: vuln-devat_private Subject: Re: directory traversal On Win 2k (running cmd.exe) C:\>cd winnt C:\WINNT>cd system32 C:\WINNT\system32>cd \...\ C:\> On same machine (now running Command.com) C:\>cd winnt C:\WINNT>cd system32 C:\WINNT\SYSTEM32>cd \...\ Invalid directory C:\WINNT\SYSTEM32> So u can see that on Win2K the triple dot traversal works in cmd.exe but not in command.com......anyone wanting to dig deeper in this ?? :-) - Piyush Agarwal --- Jim Nanney <jnanneyat_private> wrote: > I'm just a lurker here, but a simple thought... > > I saw this and thought well it probably has to do > with cmd.exe of win2k > > On my win2k machine using cmd.exe: > ************************************ > > C:\>cd winnt\system32\drivers > > C:\WINNT\system32\drivers>cd \...\ > > C:\> > > on my win98 machine using command.com > ************************************* > > C:\>cd windows\system32\drivers > > C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\ > Bad command or file name > > C:\WINDOWS\SYSTEM32\DRIVERS> > > Can't give you reasons why, but given the little > information supplied I > would bet it would be system calls opening a shell > and thus the reason for > the /.../ working on win2k and not 98. > > --Jim Nanney > __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com ____________________________________________________________________________ This e-mail message is private and may contain confidential or privileged information.
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 12:37:15 PST