Bugtraq mailing list archives

Re: Handler Mapped File Extensions Bug
From: DBraaten () IMG SEAGATESOFTWARE COM (Darryl Braaten)
Date: Thu, 26 Feb 1998 09:46:29 -0800


The displaying of file system path seems to be limited to IIS3 servers.
The installs of IIS4 I have only returned the path as provided in the
URL.
http://someserver/asp/something.stm
Error processing SSI file '/asp/something.stm'

I could not reproduce the ability to read raw source.  Perhaps the
system that it was possible to read the source from did not have the .
bug fix applied.


Darryl

-----Original Message-----
From: Tanstaafl [mailto:Tanstaafl () GEOCITIES COM]
Sent: Wednesday, February 25, 1998 3:00 PM
To: BUGTRAQ () NETSPACE ORG
Subject: Handler Mapped File Extensions Bug


<SNIP>

        http://www.victim.com/asp/something.stm/asp/something.asp

Returns the raw "something.asp" code in the directory
'd\main\WWW\asp\'

        This includes any other files you've included as information
handlers, ( Java class files, VB files, etc...) even encrypted
password files. As long as you know the file names you can access the
raw code. (This also means you can download it.)

        I'd like to thank "Michał Zalewski"
<lcamtuf () boss staszic waw pl> for his help in discovering this
problem. I'll further investigate this problem.

blaze your trail!
--
David Dune

Unsolicited commercial email read for $500 per message.
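
The request shape discussed in this thread (a handler-mapped file such as something.stm followed by extra path segments) can be looked for in web server logs. The following is an added example, not part of either post: the common-log-format sample lines are constructed, and the MAPPED_EXTENSIONS set and the function names are assumptions to adjust for the server under review.

```python
import posixpath
import re
from urllib.parse import urlsplit, unquote

# Assumption: extensions with a handler mapping on the server being reviewed.
MAPPED_EXTENSIONS = {".stm", ".asp"}

# Pulls the request target out of a common-log-format request field.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+)(?: HTTP/[\d.]+)?"')

def trailing_path_after_mapped_file(target):
    """Return (mapped_file, trailing_path) when a non-final path segment
    ends in a mapped extension and real path segments follow it."""
    path = unquote(urlsplit(target).path)  # query string is ignored
    segments = path.split("/")
    for i, seg in enumerate(segments[:-1]):
        ext = posixpath.splitext(seg)[1].lower()
        trailing = "/".join(segments[i + 1:])
        if ext in MAPPED_EXTENSIONS and trailing.strip("/"):
            return "/".join(segments[:i + 1]), "/" + trailing
    return None

def scan(log_lines):
    """Return (line_number, mapped_file, trailing_path) for each hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        found = trailing_path_after_mapped_file(match.group("target"))
        if found:
            hits.append((number, found[0], found[1]))
    return hits

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/1998:09:40:01 -0800] "GET /asp/something.asp HTTP/1.0" 200 512',
    '192.0.2.11 - - [26/Feb/1998:09:41:17 -0800] "GET /asp/something.stm/asp/something.asp HTTP/1.0" 200 2048',
    '192.0.2.12 - - [26/Feb/1998:09:42:02 -0800] "GET /docs/v1.2/readme.htm HTTP/1.0" 200 900',
    '192.0.2.13 - - [26/Feb/1998:09:43:44 -0800] "GET /asp/something.stm?next=/asp/something.asp HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for number, mapped, trailing in scan(SAMPLE_LOG):
        print(f"line {number}: {mapped} followed by {trailing}")
```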


