[13626] in bugtraq


Re: Disable Parent Paths

daemon@ATHENA.MIT.EDU (Gary Geisbert)
Tue Feb 1 14:18:14 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NDBBJLKPHKLEJDMHDBIOGENBCBAA.gary@newsletters.com>
Date:         Mon, 31 Jan 2000 15:48:57 -0500
Reply-To: gary@newsletters.com
From: Gary Geisbert <gary@NEWSLETTERS.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <8F0F57AEE769D211B6410008C756E13B05A92F36@ntmailk.tandy.com>

>*snip*
>
>my question: What security hole/hack does this create if left enabled?
>
> *snip*

That all depends on how well the box is already configured.. =/  However,
one of the most notable problems is that with Allow Parent Paths enabled, an
ASP script using the FileSystemObject coupled with Server.MapPath() can open
up the source for scripts/files (or even worse, write something into the
other scripts/files).

This was illustrated in an advisory released by l0pht a few months ago,
which used a script that IIS installs by default.  It used the sample file
(showcode.asp I believe) to open up files like global.asa, which could
reveal database user/pass's as well as all sorts of information.

Gary Geisbert
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Senior Systems Engineer      gary@newsletters.com
Newsletters.com              http://www.newsletters.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
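
The following is an added example, not part of the original post and not code from IIS or its samples: a classic ASP file viewer that confines FileSystemObject reads to one directory whether or not Parent Paths is enabled. The virtual directory "/samples/" and the "source" query parameter are assumptions made for illustration.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Hypothetical virtual directory that the viewer is allowed to read from.
Const ALLOWED_VDIR = "/samples/"

' Returns the physical path for virtualPath if it stays under ALLOWED_VDIR,
' otherwise an empty string.
Function ResolveInsideRoot(virtualPath)
    Dim fso, rootPhys, candidate
    ResolveInsideRoot = ""
    ' Refuse parent-path segments outright; do not rely on the IIS setting.
    If InStr(virtualPath, "..") > 0 Then Exit Function
    ' Only accept virtual paths that begin in the allowed directory.
    If LCase(Left(virtualPath, Len(ALLOWED_VDIR))) <> LCase(ALLOWED_VDIR) Then Exit Function
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    rootPhys = fso.GetAbsolutePathName(Server.MapPath(ALLOWED_VDIR))
    If Right(rootPhys, 1) <> "\" Then rootPhys = rootPhys & "\"
    ' Canonicalise the mapped path, then confirm it is still under the root.
    candidate = fso.GetAbsolutePathName(Server.MapPath(virtualPath))
    If LCase(Left(candidate, Len(rootPhys))) <> LCase(rootPhys) Then Exit Function
    If Not fso.FileExists(candidate) Then Exit Function
    ResolveInsideRoot = candidate
End Function

Dim target, reader, stream
' Appending "" turns a missing parameter into an empty string.
target = ResolveInsideRoot(Request.QueryString("source") & "")
If target = "" Then
    Response.Status = "403 Forbidden"
    Response.End
End If

Set reader = Server.CreateObject("Scripting.FileSystemObject")
Set stream = reader.OpenTextFile(target, 1)   ' 1 = ForReading, never opened for writing
Response.Write "<pre>" & Server.HTMLEncode(stream.ReadAll) & "</pre>"
stream.Close
%>
```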
