I also tried it, but I think you might be missing what it is doing.

It looks like it takes the cd \ and ignores everything after it.

I tried cd \.\ and cd \..\ and got the same results

-----Original Message-----
From: Piyush Agarwal [mailto:pvagarwalyahoo.com]
Sent: Wednesday, February 06, 2002 1:31 PM
To: Jim Nanney; Strumpf Noir Society
Cc: vuln-devsecurityfocus.com
Subject: Re: directory traversal

On Win 2k (running cmd.exe)

C:\>cd winnt

C:\WINNT>cd system32

C:\WINNT\system32>cd \...\

C:\>

On same machine (now running Command.com)

C:\>cd winnt

C:\WINNT>cd system32

C:\WINNT\SYSTEM32>cd \...\
Invalid directory

C:\WINNT\SYSTEM32>

So u can see that on Win2K the triple dot traversal
works in cmd.exe but not in command.com......anyone
wanting to dig deeper in this ?? :-)

- Piyush Agarwal

--- Jim Nanney <jnanneydatasync.com> wrote:
> I'm just a lurker here, but a simple thought...
>
> I saw this and thought well it probably has to do
> with cmd.exe of win2k
>
> On my win2k machine using cmd.exe:
> ************************************
>
> C:\>cd winnt\system32\drivers
>
> C:\WINNT\system32\drivers>cd \...\
>
> C:\>
>
> on my win98 machine using command.com
> *************************************
>
> C:\>cd windows\system32\drivers
>
> C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\
> Bad command or file name
>
> C:\WINDOWS\SYSTEM32\DRIVERS>
>
> Can't give you reasons why, but given the little
> information supplied I
> would bet it would be system calls opening a shell
> and thus the reason for
> the /.../ working on win2k and not 98.
>
> --Jim Nanney
>

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
 
____________________________________________________________________________
This e-mail message is private and may contain confidential or privileged
information.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]