More info on MS00-019

Type securityvulns
Reporter Securityvulns
Modified 2000-04-08T00:00:00


In usual tradition, little information is to be had about the "Virtualized UNC Share" problem talked about in MS00-019. Luckily, MS was nice enough to submit an extra post to Bugtraq to give Adam Coyne credit.

Anyways, for those of you interested in the problem, making a request for a file with a trailing '\' from a virtual directory hosted on a UNC share will cause the source to be given. So, for example:

Virtual directory: /test/ -> \\some_server\share\
There exists \\some_server\share\test.asp

Now a simple request such as "GET /test/test.asp\ HTTP/1.0" will yield the source of test.asp.

- rain forest puppy

ps. No, I'm not dead. Fun stuff coming up very soon. :)
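
A defender-side check for the request pattern described in the post, as an added example that is not part of the original post: it scans web server log lines for requests that name a script file followed by a trailing backslash, literal or percent-encoded. The W3C extended log layout, the sample lines and the `.asa` extension are assumptions; only `.asp` comes from the post.

```python
from urllib.parse import unquote

# Assumption: extensions treated as server-side script; only .asp is from the post.
SCRIPT_EXTENSIONS = (".asp", ".asa")


def is_trailing_backslash_request(uri_stem, extensions=SCRIPT_EXTENSIONS):
    """True when the path names a script file followed by one or more backslashes."""
    path = unquote(uri_stem.split("?", 1)[0])  # decode %5C so encoded forms match too
    stripped = path.rstrip("\\")
    if stripped == path:  # no trailing backslash at all
        return False
    return stripped.lower().endswith(extensions)


def scan_w3c_log(lines):
    """Return (client_ip, uri_stem, status) for each suspicious log entry."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if is_trailing_backslash_request(stem):
            hits.append((row.get("c-ip"), stem, row.get("sc-status")))
    return hits


# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = r"""#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-04-08 10:01:02 192.0.2.10 GET /test/test.asp 200
2000-04-08 10:01:09 192.0.2.77 GET /test/test.asp\ 200
2000-04-08 10:01:15 192.0.2.77 GET /test/test.asp%5C 200
2000-04-08 10:02:00 192.0.2.10 GET /images/logo.gif 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, status in scan_w3c_log(SAMPLE_LOG):
        print(f"{ip} requested {stem!r} (status {status})")
```

A hit with a success status is the case worth reviewing first, since it means the server answered the request rather than rejecting it.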