Vulnerability Development mailing list archives
ie5 and .doc URLs
From: ot () ZOY ORG (Olivier Thereaux)
Date: Fri, 9 Jun 2000 14:39:00 +0200
Hi everybody.

I do not know whether what I have discovered has already been discussed or not, but it seemed pretty interesting to me, therefore, here I go:

[Uncle yoda's (yeah, that's a stupid nick, I know that already) story, skip it if you lack time]

I wanted to share a Word document with people on a mailing list. I put it in my public_html, and posted the path to the list (i.e. http://server/~yoda ). Watching my Apache's access.log, I could see this:

(xxx meaning "stupid windows host belonging to a stupid big consulting company")

xxx - "GET /~yoda HTTP/1.0" 301 230
xxx - "GET /~yoda/ HTTP/1.0" 200 891
xxx - "GET /icons/blank.gif HTTP/1.0" 200 148
xxx - "GET /icons/back.gif HTTP/1.0" 200 216
xxx - "GET /icons/unknown.gif HTTP/1.0" 200 245
xxx - "GET /~yoda/document.doc HTTP/1.0" 200 83456
xxx - "OPTIONS /~yoda HTTP/1.0" 301 230
xxx - "GET /_vti_inf.html HTTP/1.0" 200 3042
xxx - "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 215
xxx - "OPTIONS /~yoda/document.doc HTTP/1.0" 200 -

So what? I first supposed someone on the list wanted to play with my server, but why the hell did he test an IIS script on an Apache server? Sounded weird. So I asked for an explanation; what I got looked like "sorry, you know, IE5 sucks..." aso. Oh well, great.

[end of the tell-me-about-your-spectacular-life section]

So, it seems IE5 has a rather mononeuronal behaviour when dealing with .doc URLs. I am actually wondering whether the fact that the shtml.exe is called with the POST method could allow something *bad* to be performed against IE5. I believe a GET would have been OK, but what about POST?

Any idea?

Thanks.

--
Olivier Thereaux
Doko ni datte, hito wa tsunagatteiru.
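Added example, not part of the original post: a Python check for a log reviewer that separates clients whose OPTIONS and /_vti_ requests follow a successful document download, as in the log above, from clients that send them without having fetched a document. The host names, verdict labels and extension list are assumptions, and the sample log is constructed in the abbreviated format quoted in the post.

```python
import re

# Constructed sample in the abbreviated format quoted in the post
# (host - "request" status bytes); host names are placeholders.
SAMPLE_LOG = '''\
hostA - "GET /~yoda/ HTTP/1.0" 200 891
hostA - "GET /~yoda/document.doc HTTP/1.0" 200 83456
hostA - "OPTIONS /~yoda HTTP/1.0" 301 230
hostA - "GET /_vti_inf.html HTTP/1.0" 200 3042
hostA - "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 215
hostA - "OPTIONS /~yoda/document.doc HTTP/1.0" 200 -
hostB - "GET /_vti_inf.html HTTP/1.0" 404 210
hostB - "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 215
hostC - "GET /~yoda/document.doc HTTP/1.0" 200 83456
'''

LINE_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) [^"]*" (\d{3}) \S+$')
OFFICE_EXT = ('.doc', '.xls', '.ppt')  # assumption: extensions worth tracking

def is_probe(method, path):
    """Requests of the kind seen after the .doc download in the post."""
    return method == 'OPTIONS' or path.startswith('/_vti_')

def classify(log_text):
    """Label each client by whether its probes follow a document fetch."""
    doc_seen, verdicts = set(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        host, method, path, status = m.groups()
        verdicts.setdefault(host, 'no-probe')
        if is_probe(method, path):
            if host not in doc_seen:
                verdicts[host] = 'probe-without-document'
            elif verdicts[host] == 'no-probe':
                verdicts[host] = 'probe-after-document'
        elif method == 'GET' and status == '200' and path.lower().endswith(OFFICE_EXT):
            doc_seen.add(host)
    return verdicts

if __name__ == '__main__':
    for host, verdict in classify(SAMPLE_LOG).items():
        print(host, verdict)
```

A client labelled probe-without-document requested the /_vti_ paths with no preceding document download, so it does not fit the pattern described in the post and is the one to look at first.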