Message-ID: <AANLkTim--Ntj9L_756npQE8i-LUUCti5zni5DMmLBQ8p@mail.gmail.com>
Date: Thu, 8 Jul 2010 00:38:35 -0700
From: Sagar Belure <sagar.belure@...il.com>
To: BlackHawk <hawkgotyou@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows XP bug
On Wed, Jul 7, 2010 at 10:54 AM, BlackHawk <hawkgotyou@...il.com> wrote:
> Hi list, I recently discovered a very small Windows XP bug, kind of
> useless alone but that could be useful in some scenarios.
>
> Explanation:
>
> when you try to access a non-existing directory through shell command
> "cd", XP returns an error (obviously), but if you cd to a non-existing
> & move one directory up, you'll not get any error.
>
> Example:
> ---
> C:\>cd ./somerandomchars <-- Will give an error
> Impossibile trovare il percorso specificato.
>
> C:\>cd ./somerandomchars/../ <-- Everything is ok
>
> C:\>
> ---
>
> PoC on how to make this thing useful:
> http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows
>
> Hope this could be useful for you in some way..
>
> --
> BlackHawk - hawkgotyou@...il.com
>
> Sent with Gmail
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Never seen this before.
But, it's very obvious, as you are 'changing directory' (cd
thisdoesntexist/) to a non-existing folder and then getting out of
it (../).
But, there is a difference with evaluation/calculation in Windows and Linux.
Here is how...

On Windows Box...
C:\>cd thisdoesntexist/
The system cannot find the path specified.
C:\>cd thisdoesntexist/../
C:\>cd thisdoesntexist/thisonetoo/../
The system cannot find the path specified.
C:\>cd thisdoesntexist/thisonetoo/../../
C:\>

On Linux box...
one@...ntubox:~$ cd thisdoesntexist/
-bash: cd: thisdoesntexist: No such file or directory
one@...ntubox:~$ cd thisdoesntexist/../
-bash: cd: thisdoesntexist/../: No such file or directory
one@...ntubox:~$
--
Thanks,
Sagar Belure
Security Analyst
Secfence Technologies
www.secfence.com
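
Added example, not part of the original message or of either poster's code: a Python model of the Windows and Linux sessions above over a constructed directory set, followed by a containment check for a file-serving path that normalises before comparing instead of relying on a bogus component to raise an error. The directory set, the function names and the C:\app\files base directory are assumptions made for illustration.

```python
import ntpath

# Constructed directory tree: only the root () and "docs" exist.
EXISTING = {(), ("docs",)}

def _parts(path):
    return [p for p in path.replace("\\", "/").split("/") if p not in ("", ".")]

def resolve_lexical(path):
    """Model of the Windows sessions: '..' cancels the previous component
    as text; only the final result is checked for existence."""
    stack = []
    for part in _parts(path):
        if part == "..":
            if stack:
                stack.pop()
        else:
            stack.append(part)
    return tuple(stack) if tuple(stack) in EXISTING else None

def resolve_stepwise(path):
    """Model of the bash session: every intermediate directory must exist
    before the next component, '..' included, is applied."""
    cur = ()
    for part in _parts(path):
        cur = cur[:-1] if part == ".." else cur + (part,)
        if cur not in EXISTING:
            return None
    return cur

def is_contained(base, user_path):
    """Containment check that does not depend on a bogus component causing
    an error: normalise first, then compare against the base directory."""
    root = ntpath.normpath(base)
    target = ntpath.normpath(ntpath.join(root, user_path))
    try:
        common = ntpath.commonpath([root, target])
    except ValueError:  # e.g. user_path names another drive
        return False
    return ntpath.normcase(common) == ntpath.normcase(root)

if __name__ == "__main__":
    for p in ("thisdoesntexist/", "thisdoesntexist/../",
              "thisdoesntexist/thisonetoo/../",
              "thisdoesntexist/thisonetoo/../../"):
        print(f"{p:36} lexical={resolve_lexical(p)} stepwise={resolve_stepwise(p)}")
    base = r"C:\app\files"  # hypothetical download directory
    print(is_contained(base, "nope/../report.txt"))     # True
    print(is_contained(base, "nope/../../secret.txt"))  # False
```

None stands for "The system cannot find the path specified" / "No such file or directory"; ntpath is used so the Windows path rules apply whatever OS runs the script.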