[10874] in bugtraq
IIS 4.0 symlinks
daemon@ATHENA.MIT.EDU (Aris Yahnis)
Mon Jun 21 13:51:07 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.96.990618180005.27826A-100000@andromeda.delta.edu.gr>
Date: Fri, 18 Jun 1999 18:13:53 +0300
Reply-To: Aris Yahnis <mig@DELTA.EDU.GR>
From: Aris Yahnis <mig@DELTA.EDU.GR>
To: BUGTRAQ@NETSPACE.ORG
Hi,

I'm sorry if this is old or has been discussed before, or if it is not even a
bug... But I have a system with IIS 4.0 installed + SP5 and I noticed
something. If a user has on his page a file misc.lnk which was created on
his own, probably NT, box, and this file points anywhere on the web server's
file, then when he tries to view the file he will be able to see the
contents of the file the .lnk points to.

Example xploit:
Find a web hosting site, create a fictitious account, make a shortcut of a
file you would like to see, e.g. c:\winnt\profiles\administrator\ntuser.dat,
upload the .lnk file to the web server and then go ask for it. Answer yes
to open the file remotely (or something like that).

Now the question: Is it a feature of IIS to follow links, or is it a bug?

PS. I thought this thing over and I couldn't find any help with closing
link-following.

With regards, Mig
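
An added example, not part of the original post: one way an administrator of a shared web host could audit hosted content for Windows shortcut files such as the misc.lnk described above. It matches the Shell Link header signature as well as the extension; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# A Shell Link file starts with HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its binary layout.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_shell_link(path):
    """Return True if the file begins with the Shell Link header signature."""
    with open(path, "rb") as fh:
        return fh.read(len(LNK_MAGIC)) == LNK_MAGIC


def find_shortcuts(web_root):
    """Walk web_root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root)
            by_magic = is_shell_link(full)
            by_ext = name.lower().endswith(".lnk")
            if by_magic and by_ext:
                findings.append((rel, "shortcut"))
            elif by_magic:
                findings.append((rel, "shortcut with renamed extension"))
            elif by_ext:
                findings.append((rel, ".lnk extension without shortcut header"))
    return sorted(findings)


def demo():
    """Build a constructed web root with sample files and scan it."""
    samples = {
        "users/mig/misc.lnk": LNK_MAGIC + b"\x00" * 56,   # constructed header
        "users/mig/photo.jpg": LNK_MAGIC + b"\x00" * 56,  # renamed shortcut
        "users/mig/index.html": b"<html></html>",
        "users/notes.lnk": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "users", "mig"))
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return find_shortcuts(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```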