Re: Handler Mapped File Extensions Bug

Darryl Braaten (DBraaten@IMG.SEAGATESOFTWARE.COM)
Thu, 26 Feb 1998 09:46:29 -0800

The displaying of file system path seems to be limited to IIS3 servers.
The installs of IIS4 I have only returned the path as provided in the
URL.
http://someserver/asp/something.stm
Error processing SSI file '/asp/something.stm'

I could not reproduce the ability to read raw source. Perhaps the
system that it was possible to read the source from did not have the .
bug fix applied.

Darryl

-----Original Message-----
From: Tanstaafl [mailto:Tanstaafl@GEOCITIES.COM]
Sent: Wednesday, February 25, 1998 3:00 PM
To: BUGTRAQ@NETSPACE.ORG
Subject: Handler Mapped File Extensions Bug

<SNIP>

http://www.victim.com/asp/something.stm/asp/something.asp

Returns the raw "something.asp" code in the directory
'd\main\WWW\asp\'

This includes any other files you've included as information
handlers, ( Java class files, VB files, etc...) even encrypted
password files. As long as you know the file names you can access the
raw code. (This also means you can download it.)

I'd like to thank "Michał Zalewski"
<lcamtuf@boss.staszic.waw.pl> for his help in discovering this
problem. I'll further investigate this problem.

blaze your trail!

--
David Dune

Unsolicited commercial email read for $500 per message.
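
A log check for the request shape discussed in this thread, where a handler-mapped file such as something.stm is followed by further path segments. This is an added example and is not part of either post; the extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: extensions handled by a script map on the server being monitored.
HANDLER_EXTS = (".stm", ".asp")
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+)')

def extra_path_after_handler(url):
    """Split a URL at the first handler-mapped file that is not its last segment.

    Returns (handler_file, trailing_path), or None when nothing follows it.
    """
    # Decode first so an encoded slash (%2F) cannot hide the extra segments.
    segments = [s for s in unquote(urlsplit(url).path).split("/") if s]
    for i, seg in enumerate(segments[:-1]):
        if seg.lower().endswith(HANDLER_EXTS):
            return ("/" + "/".join(segments[:i + 1]),
                    "/" + "/".join(segments[i + 1:]))
    return None

def flag_requests(log_lines):
    """Return (client, handler_file, trailing_path, names_script) per flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        split = extra_path_after_handler(m.group(1))
        if split:
            handler, trailing = split
            # True when the trailing path itself names a handler-mapped file,
            # as in the .stm/.../something.asp request quoted in the thread.
            names_script = trailing.lower().endswith(HANDLER_EXTS)
            hits.append((line.split()[0], handler, trailing, names_script))
    return hits

# Constructed sample log lines (NCSA common log format), not from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Feb/1998:09:40:01 -0800] "GET /asp/something.stm HTTP/1.0" 200 512',
    '192.0.2.7 - - [26/Feb/1998:09:41:12 -0800] "GET /asp/something.stm/asp/something.asp HTTP/1.0" 200 1432',
    '10.0.0.5 - - [26/Feb/1998:09:42:30 -0800] "GET /asp/something.asp?id=1 HTTP/1.0" 200 2048',
    '192.0.2.9 - - [26/Feb/1998:09:43:02 -0800] "GET /asp/something.stm/docs/readme.txt HTTP/1.0" 500 310',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```
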