Vulnerability Development mailing list archives

Re: [unicode / iis4]


From: "Wertheimer, Ishai" <iwertheimer () KPMG COM>
Date: Thu, 11 Jan 2001 10:34:06 -0500

1. Although you find it hard to believe, this is the actual server
   response, so you can't argue
2. I didn't say the msadc folder is under E: I just say that it seems
   like the server is directing /msadc/ to E:..../msadc/


Ishai Wertheimer


        -----Original Message-----
        From:   Marco van Berkum [SMTP:m.v.berkum () obit nl]
        Sent:   ? 11 ????? 2001 10:35
        To:     Wertheimer, Ishai
        Cc:     VULN-DEV () SECURITYFOCUS COM
        Subject:        Re: [unicode / iis4]

        "Wertheimer, Ishai" wrote:

        >
        > Here is an example:
        >
        > When trying to figure out directory I'm going to I tried IDQ
        > extension and got:
        >
        > File
        > E:\Somedirectory\docroot\msadc\..\..\..\..\..\..\..\..\..\..\winnt\system32\test.idq
        >

        ????????

        First of all you say that with IDQ you get this:

        E:\Somedirectory\docroot\msadc\..\..\..\..\..\..\..\..\..\..\winnt\system32\test.idq

        I find this hard to believe since NT will never show you \..\..\
        kinda traversal chars (they filter these NON unicode encoded chars
        out, unicode would be ../..\..), and another point is that the
        msadc directory is NOT after document_root directory but it is on
        c:\program files\common files\system\msadc and another point is
        that winnt\system32 will not be found on drive E: (at least not
        with normal installation).



        >
        > So msadc directory isn't always directing to sysroot.

        It is.

        grtz,
        Marco van Berkum

        --
        Sex is like hacking. You get in, you get out,
        and you hope you didn't leave something behind
        that can be traced back to you.

        Marco van Berkum, System Operator/Security Analyst OBIT b.v.
        RIPEHANDLE: MB17300-RIPE

        

