Hi,

It seems you are right... But here is something more that I found:

(Running cmd.exe on Win2k)

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>cd winnt\system32

C:\WINNT\system32>cd \.\

C:\>cd winnt\system32

C:\WINNT\system32>cd \..\

C:\>cd winnt\system32

C:\WINNT\system32>cd \...\

C:\>cd winnt\system32

C:\WINNT\system32>cd \....\

C:\>cd winnt\system32

C:\WINNT\system32>cd \.........\

C:\>cd winnt\system32
The system cannot find the path specified.

C:\>cd winnt\system32
The system cannot find the path specified.

C:\>cd winnt
The system cannot find the path specified.

C:\>

It seems that the cd command just stops working when I carried out the above steps......weird!! Anybody care to explain?

Regards,
Piyush Agarwal

--- "Levenglick, Jeff" <jlevenglickat_private> wrote:
> I also tried it, but I think you might be missing what it is doing.
>
> It looks like it takes the cd \ and ignores everything after it.
>
> I tried cd \.\ and cd \..\ and got the same results
>
> -----Original Message-----
> From: Piyush Agarwal [mailto:pvagarwalat_private]
> Sent: Wednesday, February 06, 2002 1:31 PM
> To: Jim Nanney; Strumpf Noir Society
> Cc: vuln-devat_private
> Subject: Re: directory traversal
>
> On Win 2k (running cmd.exe)
>
> C:\>cd winnt
>
> C:\WINNT>cd system32
>
> C:\WINNT\system32>cd \...\
>
> C:\>
>
> On same machine (now running Command.com)
>
> C:\>cd winnt
>
> C:\WINNT>cd system32
>
> C:\WINNT\SYSTEM32>cd \...\
> Invalid directory
>
> C:\WINNT\SYSTEM32>
>
> So u can see that on Win2K the triple dot traversal works in cmd.exe but not in command.com......anyone wanting to dig deeper in this ?? :-)
>
> - Piyush Agarwal
>
> --- Jim Nanney <jnanneyat_private> wrote:
> > I'm just a lurker here, but a simple thought...
> >
> > I saw this and thought well it probably has to do with cmd.exe of win2k
> >
> > On my win2k machine using cmd.exe:
> > ************************************
> >
> > C:\>cd winnt\system32\drivers
> >
> > C:\WINNT\system32\drivers>cd \...\
> >
> > C:\>
> >
> > on my win98 machine using command.com
> > *************************************
> >
> > C:\>cd windows\system32\drivers
> >
> > C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\
> > Bad command or file name
> >
> > C:\WINDOWS\SYSTEM32\DRIVERS>
> >
> > Can't give you reasons why, but given the little information supplied I would bet it would be system calls opening a shell and thus the reason for the /.../ working on win2k and not 98.
> >
> > --Jim Nanney

This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 13:00:37 PST