|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: More info on MS00-019
From: Alan Monaghan (AlanM
GARDNERWEB.COM)Date: Thu Apr 13 2000 - 09:16:02 CDT
- Next message: rain forest puppy: "RFP2K02: "Netscape engineers are weenies!""
- Previous message: Steve Topilnycky: "Re: FW:PcAnywhere weak password encryption"
- Maybe reply: Alan Monaghan: "Re: More info on MS00-019"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is a tough answer (tough love?!?). One of the standard ways is to set
up the Scripts directory not to be under the wwwroot but to be in another
directory under the same web server and to do a virtual directory to it. Is
the real answer not to set up a UNC share to that? The only reason I can see
to set that up is if you don't want your web developers to have access to
the whole web site's physical layout since we usually try to do the mount
point to the main directory that contains the entire web site itself.
\\some_server\website.com -- |
|--- scripts
|--- wwwroot
|
|--- other directories ...
Be like water my friend ...
Alan G. Monaghan, MCSE+I
Gardner Publications, Inc.
Internet Administrator
? Phone 1-513-527-8867
? Fax 1-513-527-8801
? Cell 1-513-520-6866
? E-mail AlanMGardnerweb.com
-----Original Message-----
From: mockACTIVESTATE.COM [mailto:mockACTIVESTATE.COM]
Sent: Wednesday, April 12, 2000 10:05 PM
To: win2ksecadviceLISTSERV.NTSECURITY.NET
Subject: Re: More info on MS00-019
On Fri, Apr 07, 2000 at 12:25:33PM -0500, rain forest puppy wrote:
> In usual tradition, little information is to be had about the "Virtualized
> UNC Share" problem talked about in MS00-019. Luckily, MS was nice enough
> to submit an extra post to Bugtraq to give Adam Coyne credit.
>
> Anyways, for those of you interested in the problem, making a request for
> a file with a trailing '\' from a virtual directory hosted on a UNC share
> will cause the source to be given. So, for example:
>
> Virtual directory: /test/ -> \\some_server\share\
> There exists \\some_server\share\test.asp
>
> Now a simple request such as "GET /test/test.asp\ HTTP/1.0" will yeild the
> source of test.asp.
>
> - rain forest puppy
>
> ps. No, I'm not dead. Fun stuff coming up *very* soon. :)
>
Just did a quick test of this and the same thing works for perl scripts on
NT
4.0 SP6a, IIS4.0 with ActivePerl 5.6 using either "perl.exe %s %s" in the
script mappings or "perlis.dll". I assume that it should work for
perlex.dll
as well, though I haven't tried it. My advise is not to run any cgi's out
of
virtual directories.
mock
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: rain forest puppy: "RFP2K02: "Netscape engineers are weenies!""
- Previous message: Steve Topilnycky: "Re: FW:PcAnywhere weak password encryption"
- Maybe reply: Alan Monaghan: "Re: More info on MS00-019"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]