Bugtraq mailing list archives
The old "." problem
From: nblasgen () NICK REFRACT COM (nblasgen () NICK REFRACT COM)
Date: Wed, 13 Oct 1999 15:31:02 -0700
A while back there was the problem of Windows HTTP servers with CGI and other sever parsed pages (ASF, SMX, etc) if you added a "." to the end it would give you the raw code in TEXT format. I understand how that was a security problem. Just noticed that the same problem is true for at least one Windows FTP server, Serv-U. I can't find a problem with being able to request files with a extra "." at the end. I was unable to test the idea of downloading files that I had no permissions too. Nicholas Blasgen Refract, LLC
Current thread:
- IE 5.0 security vulnerability - reading local (and from any domain, probably window spoofing is possible) files using IFRAME and document.execCommand, (continued)
- IE 5.0 security vulnerability - reading local (and from any domain, probably window spoofing is possible) files using IFRAME and document.execCommand Georgi Guninski (Oct 11)
- Re: SCO OpenServer 5.0.5 overwrite /etc/shadow Bela Lubkin (Oct 11)
- Re: SCO OpenServer 5.0.5 overwrite /etc/shadow Ralph the Wonder Llama (Oct 12)
- Re: SCO OpenServer 5.0.5 overwrite /etc/shadow Bela Lubkin (Oct 12)
- Xerox DocuColor 4 LP D.O.S Jason Lutz (Oct 13)
- Security of "Virtual Network Computer" Mikael Olsson (Oct 12)
- Re: Security of "Virtual Network Computer" Cameron Simpson (Oct 12)
- Re: Security of "Virtual Network Computer" Dan Foster (Oct 12)
- Re: Security of "Virtual Network Computer" Luca Berra (Oct 13)
- Finjan Alert: WinNT.Infis Trojan by way of Tim Wieneke (Oct 13)
- The old "." problem nblasgen () NICK REFRACT COM (Oct 13)
- Re: The old "." problem David Zverina (Oct 14)
- Re: The old "." problem S.Faust (Oct 16)
- Gauntlet 5.0 BSDI warning Keith Young (Oct 18)
- Re: Gauntlet 5.0 BSDI warning Strange (Oct 18)
- Re: Gauntlet 5.0 BSDI warning Keith Young (Oct 18)
- Email virus on the prowel Albert Hopkins (Oct 19)
- Another Microsoft Java Flaw Disovered Gary McGraw (Oct 14)
- Administrivia Elias Levy (Oct 14)