[6189] in bugtraq
Re: Handler Mapped File Extensions Bug
daemon@ATHENA.MIT.EDU (Darryl Braaten)
Fri Feb 27 17:52:20 1998
Date: Thu, 26 Feb 1998 09:46:29 -0800
Reply-To: Darryl Braaten <DBraaten@IMG.SEAGATESOFTWARE.COM>
From: Darryl Braaten <DBraaten@IMG.SEAGATESOFTWARE.COM>
To: BUGTRAQ@NETSPACE.ORG
The displaying of file system path seems to be limited to IIS3 servers.
The installs of IIS4 I have only returned the path as provided in the
URL.
http://someserver/asp/something.stm
Error processing SSI file '/asp/something.stm'
I could not reproduce the ability to read raw source. Perhaps the
system that it was possible to read the source from did not have the .
bug fix applied.
Darryl
-----Original Message-----
From: Tanstaafl [mailto:Tanstaafl@GEOCITIES.COM]
Sent: Wednesday, February 25, 1998 3:00 PM
To: BUGTRAQ@NETSPACE.ORG
Subject: Handler Mapped File Extensions Bug
<SNIP>
http://www.victim.com/asp/something.stm/asp/something.asp
Returns the raw "something.asp" code in the directory
'd\main\WWW\asp\'
This includes any other files you've included as information
handlers, ( Java class files, VB files, etc...) even encrypted
password files. As long as you know the file names you can access the
raw code. (This also means you can download it.)
I'd like to thank "Michał Zalewski"
<lcamtuf@boss.staszic.waw.pl> for his help in discovering this
problem. I'll further investigate this problem.
blaze your trail!
--
David Dune
Unsolicited commercial email read for $500 per message.
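
Added example, not part of either message in this thread: a log check for the request shape reported above, where a handler-mapped file such as something.stm is followed by further path segments. The extension set, field layout and log lines are assumptions constructed for illustration, and extra path info after a script can also be legitimate, so hits are leads to review.

```python
import posixpath
from urllib.parse import unquote

# Assumed set of handler-mapped extensions; adjust to the server's script map.
MAPPED_EXTS = {".stm", ".shtm", ".shtml", ".asp"}

# Constructed W3C extended log sample (not from the original posts).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1998-02-26 09:40:01 192.0.2.10 GET /asp/something.stm 200
1998-02-26 09:40:07 192.0.2.10 GET /asp/something.stm/asp/something.asp 200
1998-02-26 09:41:12 192.0.2.11 GET /default.htm 200
1998-02-26 09:42:30 192.0.2.12 GET /asp/page.STM/%61sp/other.asp 200
"""

def trailing_path(uri_stem, mapped_exts=MAPPED_EXTS):
    """Return (handler, extra_path) if a mapped file is followed by more path."""
    # Decode %xx first so encoded segments are compared in their real form.
    segments = unquote(uri_stem).split("/")
    # Only non-final segments matter: a mapped file as the last segment is normal.
    for i, seg in enumerate(segments[:-1]):
        ext = posixpath.splitext(seg)[1].lower()
        if ext in mapped_exts:
            handler = "/".join(segments[:i + 1])
            extra = "/" + "/".join(segments[i + 1:])
            return handler, extra
    return None

def scan(log_text):
    """Return (client, status, handler, extra_path) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        found = trailing_path(row.get("cs-uri-stem", ""))
        if found:
            hits.append((row.get("c-ip"), row.get("sc-status"), *found))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```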