[10762] in bugtraq
Re: Netscape Fasttrack 3.01 allows directory listing
daemon@ATHENA.MIT.EDU (Demian Ginther)
Wed Jun 9 14:56:23 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: QUOTED-PRINTABLE
Message-Id: <s75e2446.085@salud.unm.edu>
Date: Wed, 9 Jun 1999 08:22:14 -0600
Reply-To: Demian Ginther <dginther@SALUD.UNM.EDU>
From: Demian Ginther <dginther@SALUD.UNM.EDU>
To: BUGTRAQ@NETSPACE.ORG
This same thing works on FastTrack 3.5 for Netware.
You can also put any directory name after the / to see what's in the lo=
wer directories.
>>> Jes=FAs_L=F3pez_de_Aguileta <jesus.la@ACC-COMUNICACION.ES> 06/07/99=
02:59AM >>>
Hi all,
I recently have downloaded a trial version of Fasttrack server (3.01) f=
or NT
According to Netscape documentation:
----8<------------------------8<-------------------8<---
Specifying index filenames
If a document name is not specified in the URL,
and the server finds a file with this name in a
document directory, it assumes that file is the
index file. The server automatically displays this
file when no specific file is requested. The defaults
are index.html and home.html. If more than
one name is specified, the server looks in the
order in which the names you specified appear
until one is found. For example, if your index
filenames are index.html, home.html, the
server first looks for index.html, and if the
server doesn't find it, then the server looks for
home.html.
------8<--------------8<---------------8<--------------------
Well, having this configuration:
Index Filenames: index.html
Directory indexing: fancy or simple
and HAVING a index.html file in root directory
if you telnet to default httpd port and type:
get / (lowercase)
You will get a directory listing of the root directory.
Workaround: Disable directory listing.
Netscape has been notified.
Regards,
Jes=FAs L=F3pez de Aguileta
Eunate Net
jesus.la@acc-comunicacion.es
