Bugtraq mailing list archives

More info on MS00-019
From: rfp () WIRETRIP NET (rain forest puppy)
Date: Fri, 7 Apr 2000 12:25:33 -0500


In usual tradition, little information is to be had about the "Virtualized
UNC Share" problem talked about in MS00-019.  Luckily, MS was nice enough
to submit an extra post to Bugtraq to give Adam Coyne credit.

Anyways, for those of you interested in the problem, making a request for
a file with a trailing '\' from a virtual directory hosted on a UNC share
will cause the source to be given.  So, for example:

Virtual directory: /test/ -> \\some_server\share\
There exists \\some_server\share\test.asp

Now a simple request such as "GET /test/test.asp\ HTTP/1.0" will yield the
source of test.asp.

- rain forest puppy

ps. No, I'm not dead.  Fun stuff coming up *very* soon. :)
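
Added example (not part of the original post): a log check for the request shape described above, a script name followed by a trailing '\'. Flagging the percent-encoded form %5C goes beyond what the post states; the Common Log Format layout, the sample lines and the extension list are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Extensions treated as server-side script source (assumption; tune per site).
SCRIPT_EXTS = (".asp", ".asa", ".inc")

# Common Log Format entry: client ... "METHOD target HTTP/x.y" status
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) '
    r'HTTP/\d\.\d" (?P<status>\d{3})'
)

# Constructed sample log (not from the post); addresses are documentation ranges.
SAMPLE_LOG = r'''192.0.2.10 - - [07/Apr/2000:12:30:01 -0500] "GET /test/test.asp HTTP/1.0" 200 512
192.0.2.44 - - [07/Apr/2000:12:31:15 -0500] "GET /test/test.asp\ HTTP/1.0" 200 2048
192.0.2.44 - - [07/Apr/2000:12:31:20 -0500] "GET /test/login.ASP%5C?x=1 HTTP/1.0" 404 0
192.0.2.77 - - [07/Apr/2000:12:32:02 -0500] "GET /images/logo.gif HTTP/1.0" 200 900
'''

def trailing_backslash_script(target):
    """Return the decoded path if it is a script name followed by '\\', else None."""
    path = unquote(target.split("?", 1)[0])  # drop the query, decode %5C to '\'
    if not path.endswith("\\"):
        return None
    if path.rstrip("\\").lower().endswith(SCRIPT_EXTS):
        return path
    return None

def scan(log_text):
    """Return (client, decoded_path, status) for each matching request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = trailing_backslash_script(m.group("target"))
        if path is not None:
            hits.append((m.group("client"), path, int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for client, path, status in scan(SAMPLE_LOG):
        # A 200 on such a request is the case to follow up first.
        print(f"{client} {status} {path}")
```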

