> But there is a difference with evaluation/calculation in Windows and Linux.
> Here is how...
It rather depends on where the path evaluation takes place - kernel vs
userland. It might also depend on whether 'cd' checks explicitly for
existence of path elements (bash's cd does)
> o...@ubuntubox:~$
Just a small note that platform bugs are a poor excuse for sloppy coding like
Juan mentioned.
Allowing unfiltered web user input for use in path names is always a bad
idea.
Filtering out path delimiters would already be a huge improvement.
Nice find by the way.
Regards,
Chris.
On Thu, Jul 8, 20
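The filtering point made in the message above, as an added example that is not part of the original thread: it shows how a purely lexical Windows path resolver collapses the non-existing `help_` element, and a validation routine that rejects delimiters instead. The base directory `C:\www\help`, the `.html` suffix and all function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS (lexical only)
import re

BASE = r"C:\www\help"   # assumed help directory (constructed)
PREFIX = "help_"        # prefix from the path quoted in the thread
SUFFIX = ".html"        # assumed file extension

def naive_path(user_value: str) -> str:
    """Unfiltered concatenation of web input into a file path."""
    return BASE + "\\" + PREFIX + user_value

def lexical_target(path: str) -> str:
    """Resolve '..' lexically, without checking that each element exists."""
    return ntpath.normpath(path)

# Allowlist: letters, digits, underscore, hyphen. No path delimiters,
# no dots, no drive colons, no NUL bytes can pass.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

def safe_path(user_value: str) -> str:
    """Validate the page name, build the path, then confirm containment."""
    if not SAFE_NAME.fullmatch(user_value):
        raise ValueError("invalid page name")
    candidate = ntpath.normpath(ntpath.join(BASE, PREFIX + user_value + SUFFIX))
    # Defence in depth: the resolved path must still sit under BASE.
    if ntpath.commonpath([BASE, candidate]).lower() != BASE.lower():
        raise ValueError("path escapes base directory")
    return candidate

def is_rejected(user_value: str) -> bool:
    """True when safe_path refuses the input."""
    try:
        safe_path(user_value)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    sample = "/../../../../../../boot.ini"  # value from the thread, NUL omitted
    print("naive  :", lexical_target(naive_path(sample)))
    print("blocked:", is_rejected(sample))
    print("valid  :", safe_path("intro"))
```

Rejecting the request outright is safer than stripping characters, since a stripped value can recombine into a new traversal sequence.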
This "feature" is useful to exploit path traversal in Windows
environments through web applications.
In this case (I saw it plenty of times):
You can exploit it in Windows with this PoC:
http://server/file.php?a=/../../../../../../boot.ini%00
because help/help_/../../../../../../boot.ini ex
First, the bug seems to be useless but you deployed it cleverly in the
PoC. It could be something rare but makes web apps on Windows
vulnerable with some exceptions.
Nice work!
On Thu, Jul 8, 2010 at 1:08 PM, Sagar Belure wrote:
> On Wed, Jul 7, 2010 at 10:54 AM, BlackHawk wrote:
>> Hi list, i
On Wed, Jul 7, 2010 at 10:54 AM, BlackHawk wrote:
> Hi list, I recently discovered a very small Windows XP bug, kind of
> useless alone but that could be useful in some scenarios.
>
> Explanation:
>
> when you try to access a non existing directory through shell command
> "cd", XP returns an error
Obviously, it's not a bug, it's a feature. :)
Thomas.
On 07/07/2010 21:37, T Biehn wrote:
> This is fairly classic, not novel.
> Your POC is fairly classic, not novel.
>
> -Travis
>
> On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk wrote:
>
>> Hi l
This is fairly classic, not novel.
Your POC is fairly classic, not novel.
-Travis
On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk wrote:
> Hi list, I recently discovered a very small Windows XP bug, kind of
> useless alone but that could be useful in some scenarios.
>
> Explanation:
>
> when you try
Hi list, I recently discovered a very small Windows XP bug, kind of
useless alone but that could be useful in some scenarios.
Explanation:
when you try to access a non existing directory through shell command
"cd", XP returns an error (obviously), but if you cd to a non-existing
& move one direct