lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 Jul 2010 00:00:56 +0200 From: Duboucher Thomas <thomas@...oucher.eu> To: full-disclosure@...ts.grok.org.uk Subject: Re: Windows XP bug -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Obviously, it's not a bug, it's a feature. :) Thomas. Le 07/07/2010 21:37, T Biehn a écrit : > This is fairly classic, not novel. > Your POC is fairly classic, not novel. > > -Travis > > On Wed, Jul 7, 2010 at 1:54 PM, BlackHawk <hawkgotyou@...il.com> wrote: > >> Hi list, i recently discovered a very small Windows XP bug, kind of >> useless alone but that could be usefull in some scenarios. >> >> Explanation: >> >> when you try to access a non existing directory though shell command >> "cd", XP returns an error (obviously), but if you cd to a non-existing >> & move one directory up, you'll not get any error. >> >> Example: >> --- >> C:\>cd ./somerandomchars <-- Will give an error >> Impossibile trovare il percorso specificato. >> >> C:\>cd ./somerandomchars/../ <-- Everything is ok >> >> C:\> >> --- >> >> PoC on how to make this thing usefull: >> >> http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows >> >> Hope this could be useful for you in some way.. >> >> -- >> BlackHawk - hawkgotyou@...il.com >> >> Sent with Gmail >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkw0+RgACgkQBV7eXqefhqidawCfcIkZGHkD7GgnUwLAOfv2IyHb JtgAn3KbG0WHxEXE9kdZvXB3Nr5M1LC4 =PLwn -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists