Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Using Example Domain Names in Exploits

From: bandregg () REDHAT COM (bandregg () REDHAT COM)
Date: Mon, 25 Jan 1999 16:25:40 -0500

On Sun, 24 Jan 1999 20:23:40 -0500, "Tabor J. Wells" wrote:

On Fri, Jan 22, 1999 at 08:58:33PM -0000,
mnemonix <mnemonix () GLOBALNET CO UK> is thought to have said:


In all versions of IIS, where a  website has been configured to interpret
perl scripts using the perl executable (perl.exe), a problem exists where a
request for a non-existent file will return the physical location on a disk
of a web directory. A request for:

http://www.server.com/scripts/no-such-file.pl


I really wish people wouldn't do this. www.server.com is a legitimate
site (it's hosted on my network) and they certainly don't run IIS.


The domains example.com, example.org, and example.net have all been reserved
by IANA and NIC for just this purpose. Use them.
--
                Bryan C. Andregg * <bandregg () redhat com> * Red Hat Software

    "Gee, I'm glad you're around to tell me the almighty-truth[tm]."
                        -- Patrick J. Volkerding
Previous By Date Next
Previous By Thread Next

Current thread: