Date: Wed, 7 Jul 2010 15:37:08 -0400
From: T Biehn <tbiehn@...il.com>
To: BlackHawk <hawkgotyou@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows XP bug

This is fairly classic, not novel.
Your POC is fairly classic, not novel.

-Travis

On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk <hawkgotyou@...il.com> wrote:

> Hi list, I recently discovered a very small Windows XP bug, kind of
> useless alone but that could be useful in some scenarios.
>
> Explanation:
>
> When you try to access a non-existing directory through shell command
> "cd", XP returns an error (obviously), but if you cd to a non-existing
> & move one directory up, you'll not get any error.
>
> Example:
> ---
> C:\>cd ./somerandomchars <-- Will give an error
> Impossibile trovare il percorso specificato.
>
> C:\>cd ./somerandomchars/../ <-- Everything is ok
>
> C:\>
> ---
>
> PoC on how to make this thing useful:
>
> http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows
>
> Hope this could be useful for you in some way..
>
> --
> BlackHawk - hawkgotyou@...il.com
>
> Sent with Gmail
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
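
The behaviour quoted above, seen from the defender's side, as an added example that is not part of either poster's message: Windows collapses `name\..` lexically, so a file-serving check has to normalise the path before comparing it with its base directory. The base directory `C:\app\media`, the file names and the function names are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics; pure string handling, runs on any OS

BASE = "C:\\app\\media"  # assumed download directory (constructed for this example)

def lexical_resolve(base, user_path):
    """Join, then collapse '.' and 'name\\..' pairs without touching the disk,
    which is why a nonexistent 'name' never produces an error."""
    return ntpath.normpath(ntpath.join(base, user_path))

def naive_inside(base, user_path):
    """Weak check: compares the raw joined string, '..' still embedded."""
    return ntpath.join(base, user_path).lower().startswith(base.lower())

def is_inside(base, user_path):
    """Hardened check: normalise first, then compare whole path components."""
    base_n = ntpath.normcase(ntpath.normpath(base))
    target = ntpath.normcase(lexical_resolve(base, user_path))
    try:
        return ntpath.commonpath([base_n, target]) == base_n
    except ValueError:  # different drive, or absolute mixed with relative
        return False

if __name__ == "__main__":
    # Constructed sample inputs, including the form shown in the quoted message.
    for p in ["ep1.mp3", "./somerandomchars/../ep1.mp3",
              "somerandomchars/../../secret.txt", "D:\\other\\file"]:
        print(f"{p!r:40} -> {lexical_resolve(BASE, p)!r:32} "
              f"naive={naive_inside(BASE, p)} hardened={is_inside(BASE, p)}")
```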
