Microsoft IIs '..' hole

Description:ANOTHER stupid MS '..' bug, this time in their web server.
Author:possibly Thomas Lopatic (
Compromise:Gain unauthorized access to files outside the public html directories.
Vulnerable Systems:Systems running a vulnerable IIs http server, mostly Windows NT boxes.
Date:26 July 1996


From:  Thomas Lopatic (
Date:  Fri, 26 Jul 1996 20:41:13 +0200 

> > and there is another
> >'..' error in their Internet Information Server. Anyone offering more?
> I have yet to see this error in IIS. Where and how does it exist?

Sorry for not disclosing. I thought I had seen that one on bugtraq. Suppose
there is a document '' and 'Index.html' is
'C:\inetsrv\wwwroot\Public\Index.htm'. Then try getting
'' which will give you
'C:\autoexec.bat'. It seems, however, that the first directory ('Public')
will be necessary, i. e. '' won't

But now back to the Unix things.

Thomas Lopatic                     

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: