dot bug in MS Personal Web Server

Date: Sun, 22 Mar 1998 10:15:01 -0700
From: Lynn Kyle <lynn@RAINC.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: MS Personal Web Server

Has this been reported?

The MS Personal Web Server (tried on the win95, not NT) suffers
from the old IIS 3.0 unpatched bug of allowing you to download
asp files by using a trailing ".".

e.g.,

telnet victim 80
GET /default.asp. HTTP/1.0

will give you the contents of the asp not the result.
oops for any of you embedding a db login/pass in the asp.

Mike
Date: Mon, 23 Mar 1998 02:20:56 -0300
From: "Rubens Kuhl Jr." <rkuhljr@PUERIDOMUS.BR>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: MS Personal Web Server

What version of MS PWS does this apply to ?

NT Option Pack includes IIS 4.0 for NT Server, PWS 4.0 for NT Workstation
and PWS 4.0 for Windows 95, and I would think (although I haven't tested to
be sure) that this doesn't affect PWS 4.0/Win95.



Rubens Kuhl Jr.


> -----Original Message-----
> From: Lynn Kyle [SMTP:lynn@RAINC.COM]
> Sent: Sunday, March 22, 1998 2:15 PM
> To:   BUGTRAQ@NETSPACE.ORG
> Subject:      MS Personal Web Server
>
> Has this been reported?
>
> The MS Personal Web Server (tried on the win95, not NT) suffers
> from the old IIS 3.0 unpatched bug of allowing you to download
> asp files by using a trailing ".".
>
> e.g.,
>
> telnet victim 80
> GET /default.asp. HTTP/1.0
>
> will give you the contents of the asp not the result.
> oops for any of you embedding a db login/pass in the asp.
>
> Mike