[9124] in bugtraq
Re: Personal web server
daemon@ATHENA.MIT.EDU (Michael Howard)
Tue Jan 19 20:10:53 1999
Date: Tue, 19 Jan 1999 13:51:48 -0800
Reply-To: Michael Howard <mikehow@MICROSOFT.COM>
From: Michael Howard <mikehow@MICROSOFT.COM>
X-To: scoates@usa.net
To: BUGTRAQ@NETSPACE.ORG
the frontpage team are looking at it now - as sean noted, the iis codebase
in pws does not have this issue. i'll fwd more info to this alias as soon as
i get more info from the fp team.
Cheers, MH
IIS Security
-----Original Message-----
From: Sean Coates [mailto:sean@SPATULA.ML.ORG]
Sent: Monday, January 18, 1999 10:13 AM
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Personal web server
kiborg wrote:
> Hello,
>
> Sorry if this has already been known. But i didn't find something of the
> sort.
> While playing with Microsoft Personal Web Server
> (Frontpage-PWS32/3.0.2.926).
> I found that the following URL will list the root directory and be able to
> download any file you want.
> http://www.victim.com/....../
>
That seems to be fixed in the windows98 version of PWS
(http://24.231.6.49/....../ returns server error 161)
Sean Coates
scoates@usa.net
sean@spatula.ml.org
