|
Bugtraq
mailing list archives
Re: shtml.exe reveal local path of IIS web directory
From: matt () TELEPATH COM (Matt Carothers)
Date: Sat, 13 May 2000 14:17:11 -0500
Microsoft's frontpage module for Apache displays the same behavior.
http://www.whoever.com/_vti_bin/shtml.exe/whatever.html returns
'Cannot open "/document/root/whatever.html": no such file or folder.'
http://www.whoever.com/_vti_bin/shtml.exe/whatever.something returns
'Cannot run the FrontPage Server Extensions' Smart HTML interpreter on this
non-HTML page: "whatever.something"'
Tested on mod_frontpage/3.0.4.3
- Matt
On Mon, 8 May 2000, SMILER wrote:
I tested this in WIN NT 4.0 and it also reveal local path of iis Web
Directory.
-----Original Message-----
From: Frankie Zie <root () CNNS NET>
To: BUGTRAQ () SECURITYFOCUS COM <BUGTRAQ () SECURITYFOCUS COM>
Date: Domingo, 7 de Maio de 2000 22:08
Subject: shtml.exe reveal local path of IIS web directory
http://207.69.190.42/_vti_bin/shtml.exe/postinfo1.html
We get the following message:
Cannot open "d:\inetpub\wwwroot\postinfo1.html": no such
file or folder.
By the way, if we request file that does not exist and the
extention file name is not html, shtml or asp, such as
http://207.69.190.42/_vti_bin/shtml.exe/postinfo1.exe,
We'll get different message:
Cannot run the FrontPage Server Extensions' Smart HTML
interpreter on this non-HTML page: "postinfo1.exe"
 By Date 
By Thread
Current thread:
|
Intro
