[9217] in bugtraq
Using Example Domain Names in Exploits
daemon@ATHENA.MIT.EDU (bandregg@REDHAT.COM)
Mon Jan 25 17:38:56 1999
Date: Mon, 25 Jan 1999 16:25:40 -0500
Reply-To: bandregg@REDHAT.COM
From: bandregg@REDHAT.COM
X-To: "Tabor J. Wells" <twells@SHORE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sun, 24 Jan 1999 20:23:40 EST."
<19990124202340.D22934@shore.net>
On Sun, 24 Jan 1999 20:23:40 -0500, "Tabor J. Wells" wrote:
>On Fri, Jan 22, 1999 at 08:58:33PM -0000,
>mnemonix <mnemonix@GLOBALNET.CO.UK> is thought to have said:
>
>> In all versions of IIS, where a website has been configured to interpret
>> perl scripts using the perl executable (perl.exe), a problem exists where a
>> request for a non-existent file will return the physical location on a disk
>> of a web directory. A request for:
>>
>> http://www.server.com/scripts/no-such-file.pl
>
>I really wish people wouldn't do this. www.server.com is a legitimate
>site (it's hosted on my network) and they certainly don't run IIS.
The domains example.com, example.org, and example.net have all been reserved
by IANA and NIC for just this purpose. Use them.
--
Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software
"Gee, I'm glad you're around to tell me the almighty-truth[tm]."
-- Patrick J. Volkerding
