Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: Personal web server

Re: Personal web server

Michael Howard (mikehowMICROSOFT.COM)
Tue, 19 Jan 1999 13:51:48 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve VanDevender: "Re: Sendmail 8.8.x/8.9.x bugware"
Previous message: Jared Mauch: "Re: Remote Cisco Identification"
Maybe in reply to: kiborg: "Personal web server"
Next in thread: Sean Coates: "Re: Personal web server"

the frontpage team are looking at it now - as sean noted, the iis codebase
in pws does not have this issue. i'll fwd more info to this alias as soon as
i get more info from the fp team.

Cheers, MH
IIS Security


-----Original Message-----
From: Sean Coates [mailto:seanSPATULA.ML.ORG]
Sent: Monday, January 18, 1999 10:13 AM
To: BUGTRAQNETSPACE.ORG
Subject: Re: Personal web server


kiborg wrote:

> Hello,
>
> Sorry if this has already been known. But i didn't find something of the
> sort.
> While playing with Microsoft Personal Web Server
> (Frontpage-PWS32/3.0.2.926).
> I found that the following URL will list the root directory and be able to
> download any file you want.
> http://www.victim.com/....../
>

That seems to be fixed in the windows98 version of PWS

(http://24.231.6.49/....../ returns server error 161)

Sean Coates
scoatesusa.net
seanspatula.ml.org

Next message: Steve VanDevender: "Re: Sendmail 8.8.x/8.9.x bugware"
Previous message: Jared Mauch: "Re: Remote Cisco Identification"
Maybe in reply to: kiborg: "Personal web server"
Next in thread: Sean Coates: "Re: Personal web server"