Bugtraq mailing list archives

RE: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
From: "J." <jeruvy () shaw ca>
Date: Sat, 14 Feb 2004 09:11:40 -0700

I don't acknowledge this.

I tested this with Windows XPsp1 running IE 6.0.2800 with latest
patches.  Running on the latest build of Apache server on the same box.

IE knew the difference between 'web-inf..' and 'web-inf.' and
'web-inf...' (so did apache).  As a matter of fact, creating separate pages
with these names resulted in separate loading.

Perhaps your 'claim' can be further substantiated by what 'you' are doing
to IE to cause this.

J.


:> -----Original Message-----
:> From: Alun Jones [mailto:alun () texis com] 
:> Sent: Thursday, February 12, 2004 5:32 PM
:> To: 'Peter J. Holzer'; bugtraq () securityfocus com
:> Subject: RE: Apache Http Server Reveals Script Source Code 
:> to Remote Users And Any Users Can Access The Forbidden 
:> Directory ("/WEB-INF/")
:> 
:> 
:> > -----Original Message-----
:> > From: Peter J. Holzer [mailto:hjp () wsr ac at]
:> > Sent: Wednesday, February 11, 2004 6:50 AM
:> > 
:> > Right. On Unix "WEB-INF" and "WEB-INF.." are two different, legal file
:> > names. On Windows, trailing dots seem to be ignored, so "WEB-INF" and
:> > "WEB-INF.." are just two names for the same file. This also works if
:> > the filename already has an extension, so for example "foo.html" and
:> > "foo.html....." are the same file, too. I wonder whether that can be
:> > exploited, too: Get the contents of a CGI script by requesting
:> > "foo.cgi."?
:> 
:> It's been done before - certainly in IIS, there was a bug 
:> where getting a "filename.asp." URL gave you the source of 
:> the ASP script.  Same for "filename.asp:$DATA".
:> 
:> Alun.
:> ~~~~
:> -- 
:> Texas Imperial Software   | Find us at http://www.wftpd.com or email
:> 1602 Harvest Moon Place   | alun () texis com
:> Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
:> Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
:> 
:> 
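
Added example, not part of the thread or of any server's own code: a defensive path check that reduces each URL segment to the name Windows would open (trailing dots dropped, ":$DATA"-style suffix dropped, case folded) before applying a deny list or picking a handler by extension. The PROTECTED set and all function names are assumptions made for this sketch.

```python
from urllib.parse import unquote

# Hypothetical deny list for this example: directory names that must not be served.
PROTECTED = {"web-inf", "meta-inf"}


def win32_canonical_segment(segment: str) -> str:
    """Reduce one path segment to the name the Windows file APIs would open."""
    name = segment.split(":", 1)[0]  # drop a stream suffix such as ":$DATA"
    name = name.rstrip(". ")         # trailing dots (and spaces) are ignored
    return name.lower()              # names are matched case-insensitively


def _segments(url_path: str):
    # Decode once, treat backslash as a separator, skip empty and dot segments.
    decoded = unquote(url_path).replace("\\", "/")
    return [s for s in decoded.split("/") if s not in ("", ".", "..")]


def naive_is_protected(url_path: str) -> bool:
    """String comparison only: misses aliases of the protected name."""
    return any(seg.lower() in PROTECTED for seg in url_path.split("/"))


def is_protected(url_path: str) -> bool:
    """Deny-list check applied to the canonical form of every segment."""
    return any(win32_canonical_segment(s) in PROTECTED for s in _segments(url_path))


def effective_extension(url_path: str) -> str:
    """Extension the file system will see; use this to select the handler."""
    segs = _segments(url_path)
    name = win32_canonical_segment(segs[-1]) if segs else ""
    return name.rsplit(".", 1)[1] if "." in name else ""


if __name__ == "__main__":
    # Constructed request paths built from the names quoted in the thread.
    for p in ["/WEB-INF/web.xml", "/WEB-INF../web.xml", "/web-inf%2E/web.xml",
              "/foo.cgi.", "/filename.asp:$DATA", "/foo.html....."]:
        print(f"{p:24} naive={naive_is_protected(p)!s:5} "
              f"canonical={is_protected(p)!s:5} ext={effective_extension(p)!r}")
```

A stricter policy is to refuse any request in which a segment differs from its canonical form, rather than mapping it onto the canonical name.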


