> "Richard Smith" writes:
> > Is it possible to also crash a Web server hosted on a Windows box
using
> > a URL something like:
> >
> > http://www.somebody.com/aux
> >
without referencing my books, i recall protected filenames being..
AUX, PRN, COMx As well, under win9x making a folder name
>We had to remove the reference with a Windows 2000 bootdisk.
actually you don't have to do this you can "trick" windows by using a UNC
path
you can delete the file by typing
del \\.\C:\COM1
or create a file with an invalid filename like this :
echo bla > \\.\C:\COM1
-- jelmer
- Orig
I tested it with Apache 1.3.27 on my win-box with
GET/POST/PUT/OPTIONS/-requests. It just displays me the default 403
error-page.
Here the line of the error.log-logfile:
[Wed Jul 09 21:40:23 2003] [error] [client 127.0.0.1] Filename is not valid:
d:/inetserv-docroot/aux
- Original Message ---
"Richard Smith" writes:
> Is it possible to also crash a Web server hosted on a Windows box using
> a URL something like:
>
> http://www.somebody.com/aux
>
> If this particular URL is okay, maybe there are other URLs that will
> cause a crash. For example, POSTing a form to a URL containing AU
> Is it possible to also crash a Web server hosted on a Windows box
using
> a URL something like:
>
> http://www.somebody.com/aux
http://192.168.0.2/aux <--- unconfirmed on ANhttpd 1.4h
wood
___
Full-Disclosure - We believe in it.
Charter: http://li
I tested this on our only Win2K SP4 machine and the first time I entered the
url http://www.somebody.com/aux ( where somebody was changed to one of our
sites ) I was pinging the server. The pings locked up and had 85% packet
loss. I then checked the site and it came up and the pinging started work
Yes. It is possible to crash a web server hosted on a windows box using
these "special" files. Usually the vulnerability comes from posting to a
script that attempts to open a file based on the arguments passed to it,
not just by asking for one of these files. (I think IIS isn't dumb
enough to just