[14486] in bugtraq


More info on MS00-019

daemon@ATHENA.MIT.EDU (rain forest puppy)
Fri Apr 7 16:31:58 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10004071216330.7626-100000@eight.wiretrip.net>
Date:         Fri, 7 Apr 2000 12:25:33 -0500
Reply-To: rain forest puppy <rfp@WIRETRIP.NET>
From: rain forest puppy <rfp@WIRETRIP.NET>
X-To:         bugtraq@securityfocus.com, vacuum@technotronic.com,
              win2ksecadvice@listserv.ntsecurity.net
To: BUGTRAQ@SECURITYFOCUS.COM

In usual tradition, little information is to be had about the "Virtualized
UNC Share" problem talked about in MS00-019.  Luckily, MS was nice enough
to submit an extra post to Bugtraq to give Adam Coyne credit.

Anyways, for those of you interested in the problem, making a request for
a file with a trailing '\' from a virtual directory hosted on a UNC share
will cause the source to be given.  So, for example:

Virtual directory: /test/ -> \\some_server\share\
There exists \\some_server\share\test.asp

Now a simple request such as "GET /test/test.asp\ HTTP/1.0" will yield the
source of test.asp.

- rain forest puppy

ps. No, I'm not dead.  Fun stuff coming up *very* soon. :)
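
A detection check for the request pattern described above, as an added example that is not part of the original post: it scans W3C extended format web server logs for requests whose path ends in a backslash (literal or %5C) after a script extension. The log lines are constructed, the function name is hypothetical, and it is an assumption that the server records the trailing backslash in cs-uri-stem.

```python
from urllib.parse import unquote

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-04-07 17:01:10 192.0.2.10 GET /test/test.asp 200
2000-04-07 17:01:12 192.0.2.77 GET /test/test.asp\\ 200
2000-04-07 17:01:15 192.0.2.77 GET /test/test.asp%5C 200
2000-04-07 17:01:20 192.0.2.10 GET /images/logo.gif 200
2000-04-07 17:01:31 192.0.2.78 GET /test/other.ASP\\ 404
"""


def find_trailing_backslash_requests(log_text, script_exts=(".asp",)):
    """Return log rows whose URI ends in '\\' right after a script extension.

    script_exts must be lowercase; only .asp is named in the post, extend
    the tuple for other server-side extensions in use on your site.
    """
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column names are declared by the log itself; do not hardcode them.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        raw = row.get("cs-uri-stem", "")
        path = unquote(raw)            # treat %5C the same as a literal backslash
        stem = path.rstrip("\\")       # path with any trailing backslashes removed
        if stem != path and stem.lower().endswith(tuple(script_exts)):
            hits.append({
                "client": row.get("c-ip"),
                "uri": raw,
                # A 200 means the request was answered; review those first.
                "status": row.get("sc-status"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_trailing_backslash_requests(SAMPLE_LOG):
        print(hit["client"], hit["status"], hit["uri"])
```
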
