
List:       bugtraq
Subject:    IIS 4.0 symlinks
From:       Aris Yahnis <mig () DELTA ! EDU ! GR>
Date:       1999-06-18 15:13:53

Hi,

I'm sorry if this is old or has been discussed before, or if it is not even
a bug... But I have a system with IIS 4.0 installed + SP5 and I noticed
something. If a user has on his page a file misc.lnk which was created on
his own, probably NT, box, and this file points anywhere on the web server's
file, then when he tries to view the file he will be able to see the
contents of the file the .lnk points to.

Example xploit:

Find a web hosting site, create a fictitious account, make a shortcut of a
file you would like to see, e.g. c:\winnt\profiles\administrator\ntuser.dat,
upload the .lnk file to the web server and then go ask for it. Answer yes
to open the file remotely (or something like that).

Now the q: Is it a feature of IIS to follow links, or is it a bug?

PS. I thought this thing over and I couldn't find any help with closing
link-following.


With regards Mig
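
A hosting operator can screen customer uploads for shortcut files by content rather than by file name. The following is an added example, not part of the original message: it recognises the Shell Link header and reports the local path a shortcut stores. The function names are hypothetical, and the sample shortcut is constructed and simplified (header plus a LinkInfo block holding only a path).

```python
import struct

# Shell Link (.lnk) header constants from the MS-SHLLINK format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2   # LinkFlags bits
HAS_LOCAL_PATH = 0x1                    # LinkInfoFlags: VolumeIDAndLocalBasePath


def is_shell_link(data: bytes) -> bool:
    """True if data starts with a Shell Link header, whatever the file name."""
    return (len(data) >= HEADER_SIZE
            and struct.unpack_from("<I", data)[0] == HEADER_SIZE
            and data[4:20] == LINK_CLSID)


def local_target(data: bytes):
    """Return the LocalBasePath stored in a shortcut, or None if absent/malformed."""
    if not is_shell_link(data):
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    try:
        if flags & HAS_ID_LIST:              # skip the LinkTargetIDList
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if not flags & HAS_LINK_INFO:
            return None
        info_flags, _vol_off, path_off = struct.unpack_from("<III", data, pos + 8)
    except struct.error:                     # truncated file
        return None
    start = pos + path_off
    end = data.find(b"\x00", start)
    if not info_flags & HAS_LOCAL_PATH or path_off == 0 or end == -1:
        return None
    return data[start:end].decode("cp1252", "replace")


def build_sample(target: bytes) -> bytes:
    """Constructed, simplified shortcut used only to exercise the checks."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID,
                         HAS_LINK_INFO).ljust(HEADER_SIZE, b"\x00")
    body = target + b"\x00"
    info = struct.pack("<7I", 28 + len(body), 28, HAS_LOCAL_PATH, 0, 28, 0, 0)
    return header + info + body


def flag_uploads(uploads: dict) -> dict:
    """Map each uploaded name whose content is a shortcut to its stored target."""
    return {n: local_target(d) for n, d in uploads.items() if is_shell_link(d)}
```

Run `flag_uploads` over the files in a customer's upload before they are placed under the web root, and reject or quarantine anything it returns.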
