[9204] in bugtraq
Re: Perl.exe and IIS security advisory
daemon@ATHENA.MIT.EDU (Tabor J. Wells)
Mon Jan 25 14:24:53 1999
Date: Sun, 24 Jan 1999 20:23:40 -0500
Reply-To: "Tabor J. Wells" <twells@SHORE.NET>
From: "Tabor J. Wells" <twells@SHORE.NET>
X-To: mnemonix <mnemonix@GLOBALNET.CO.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <007401be4649$fd1a0390$216610ac@mercury>; from mnemonix on Fri,
Jan 22, 1999 at 08:58:33PM -0000
On Fri, Jan 22, 1999 at 08:58:33PM -0000,
mnemonix <mnemonix@GLOBALNET.CO.UK> is thought to have said:
> In all versions of IIS, where a website has been configured to interpret
> perl scripts using the perl executable (perl.exe), a problem exists where a
> request for a non-existent file will return the physical location on a disk
> of a web directory. A request for:
>
> http://www.server.com/scripts/no-such-file.pl
I really wish people wouldn't do this. www.server.com is a legitimate
site (it's hosted on my network) and they certainly don't run IIS.
Tabor
Shore.Net
--
___________________________________________________________________________
Tabor J. Wells twells@shore.net
Systems Administration Manager Just another victim of the ambient morality
Shore.Net -- High quality Internet access and hosting services since 1993
