|
Vulnerability Development
mailing list archives
IIS 4.0 leaking files?
From: hypoclear <hypoclear () jungle net>
Date: 2 Aug 2001 18:46:00 -0000
I posted this to bugtraq, but I'm not sure if it
will be posted, so I will post here too...
---
I recently viewed a web page on a server running
IIS 4.0 and accidently appended a \
after the url. This to my suprise caused the page
to download. This occured under
Netscape 4.6 (IE5 appears to ignore the \). I was
wondering if anyone else could
confirm this behavior. It is not my server so I
cannot do extensive testing on it, so I'm
bringing it to the community. The file that
downloaded was a .html file, however I am
curious if appending a \ has the possibility of
downloading .asp's or .cgi's. If that was
true it would be a definite security hole. Email
me hypoclear () jungle net or the list with
any findings.
hypoclear
 By Date 
By Thread
Current thread:
- IIS 4.0 leaking files? hypoclear (Aug 02)
|
Intro
