|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: win2k, XP deletes somename_files when somename.html deleted
From: Albert N. Umerov (bert_umerov
bluebottle.com)
Date: Mon Feb 07 2005 - 13:46:45 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
> create a file named foobar.html
> create a folder named foobar_files
> copy a bunch of files (of any type) inside foobar_files
instead "copy" create for "foobar_files" junction (hard link) to
"c:\windows\system32" (for example)
> delete foobar.html
If user who want delete "foobar.html" have admin rights...
Simple bomb :))
> Even if there's no vuln as such, it's something to be aware of.
don't use Explorer to delete files, restrict policy to use another file
manager to delete files (for example, Far) :)))
--
Best regards,
Albert N. Umerov
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]