Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: Perl.exe and IIS security advisory

Re: Perl.exe and IIS security advisory

Tabor J. Wells (twellsSHORE.NET)
Sun, 24 Jan 1999 20:23:40 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc: "IIS Advisory Update"
Previous message: KuRuPTioN: "SSH Daemon"
In reply to: mnemonix: "Perl.exe and IIS security advisory"
Next in thread: bandreggREDHAT.COM: "Using Example Domain Names in Exploits"

On Fri, Jan 22, 1999 at 08:58:33PM -0000,
mnemonix <mnemonixGLOBALNET.CO.UK> is thought to have said:

> In all versions of IIS, where a  website has been configured to interpret
> perl scripts using the perl executable (perl.exe), a problem exists where a
> request for a non-existent file will return the physical location on a disk
> of a web directory. A request for:
>
> http://www.server.com/scripts/no-such-file.pl

I really wish people wouldn't do this. www.server.com is a legitimate
site (it's hosted on my network) and they certainly don't run IIS.

Tabor
Shore.Net
--
___________________________________________________________________________
Tabor J. Wells                                             twellsshore.net
Systems Administration Manager  Just another victim of the ambient morality
Shore.Net  --  High quality Internet access and hosting services since 1993

Next message: Marc: "IIS Advisory Update"
Previous message: KuRuPTioN: "SSH Daemon"
In reply to: mnemonix: "Perl.exe and IIS security advisory"
Next in thread: bandreggREDHAT.COM: "Using Example Domain Names in Exploits"