Bug in IIS and PWS but only for Windows 9x. Re: Personal web

[lavrenko () MCST RU (Victor Lavrenko)]

> > > > > "Aleph" == Aleph One <aleph1 () UNDERGROUND ORG> writes:

Hello everybody.

This bug exists because Windows 9x has a nice feature. When you
excecute "cd .." it goes to the parent directory, and "cd ..." goes to
the parent directory of parent directory etc. Windows NT has no such
feature so it isn't exploitable.

IIS 4.0 and PWS 3.0 exploitable while executed under Windows 9x only,
not Windows NT.

    Aleph> No:

    Aleph> Windows NT 4.0 SP3 ("kiborg" <contact () kiborg net>) Windows
[skip]
    Aleph> Windows 98 (Sean Coates scoates () usa ne)

Sean checked box with PWS 2.0. Due to another bug in its core, it
seems that is not exploitable. PWS 3.0 doesn't have such bug so it is
exploitable.

    Aleph> Yes:

    Aleph> Windows 95 ("kiborg" <contact () kiborg net>) Windows 98
[skip]
    Aleph> it open.

PWS and IIS (they have the same core) check for ".." in URL, but don't
check for "...", "...." etc.

Summary:

1. IIS 4.0 and PWS 3.0 exploitable under Windows 9x.
2. IIS (any version) and PWS (any version) not exploitable under
   Windows NT.
3. PWS 2.0 and (possibly) IIS 3.0 not exploitable under Windows 9x.

--
Victor Lavrenko
   Homepage:        http://www.lavrenko.pp.ru/
   E-mail:          lavrenko () mcst ru  lavrenko () cs msu su
   Fingerprint:     35 D0 98 8D 96 E5 F4 BA  59 FB 9D 29 92 26 F5 59