-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----Original Message-----
From: Greg Ardpic [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2001 14:41
To: [EMAIL PROTECTED]
Subject: path disclosure
Hello
A friend of mine said that my IIS server has path disclosure
vulnerability. So i wonder what could attacker with the knowledge of
where
the files reside in do?
Cheers,
itb
=============
it gives away the physical file structure of the path it has
disclosed which could be used in various ways.
e.g.
It might reveal an interesting directory structure, it might hint at
the name of a commercial application they are using (message board
etc) which may have weaknesses, it may just give them an easy way to
check out security on a machine e.g. if the webroot lives in the
default location then that probably screams "attack this server it
has a naive admin".
... and these are just a few ideas I can think of in a few minutes
- - Tony
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: http://www.snowwinter.f2s.com/
iQA/AwUBO6jk960tBy4nR959EQKgWACgv55OCIjAF0MnrqCW2TFiTdz949cAnArJ
ZG3IROYq27HO5Vq/aMlZLVH2
=I9W4
-----END PGP SIGNATURE-----
