| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTimqpYdds0SDtVVTpQ4b6KpFT2ZFFBy_Jp-LUeqb@mail.gmail.com> Date: Thu, 8 Jul 2010 14:43:26 +0530 From: Vipul Agarwal <vipul@...tygeeks.com> To: BlackHawk <hawkgotyou@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Windows XP bug First, the bug seems to be useless but you deployed it cleverly in the PoC. It could be something rare but makes web apps on Windows vulnerable with some exceptions. Nice work! On Thu, Jul 8, 2010 at 1:08 PM, Sagar Belure <sagar.belure@...il.com> wrote: > On Wed, Jul 7, 2010 at 10:54 AM, BlackHawk <hawkgotyou@...il.com> wrote: >> Hi list, i recently discovered a very small Windows XP bug, kind of >> useless alone but that could be usefull in some scenarios. >> >> Explanation: >> >> when you try to access a non existing directory though shell command >> "cd", XP returns an error (obviously), but if you cd to a non-existing >> & move one directory up, you'll not get any error. >> >> Example: >> --- >> C:\>cd ./somerandomchars <-- Will give an error >> Impossibile trovare il percorso specificato. >> >> C:\>cd ./somerandomchars/../ <-- Everything is ok >> >> C:\> >> --- >> >> PoC on how to make this thing usefull: >> http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows >> >> Hope this could be useful for you in some way.. >> >> -- >> BlackHawk - hawkgotyou@...il.com >> >> Sent with Gmail >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > Never seen this before. > But, it's very obvious, as you are 'changing directory'(cd > thisdoesntexist/) to a non existing folder and then getting out of > it(../). > > But, there is difference with evaluation/calculation in windows and linux. > Here is how... > > On Windows Box... > > C:\>cd thisdoesntexist/ > The system cannot find the path specified. > > C:\>cd thisdoesntexist/../ > > C:\>cd thisdoesntexist/thisonetoo/../ > The system cannot find the path specified. > > C:\>cd thisdoesntexist/thisonetoo/../../ > > C:\> > > > On Linux box... > > one@...ntubox:~$ cd thisdoesntexist/ > -bash: cd: thisdoesntexist: No such file or directory > one@...ntubox:~$ cd thisdoesntexist/../ > -bash: cd: thisdoesntexist/../: No such file or directory > one@...ntubox:~$ > > > -- > Thanks, > Sagar Belure > Security Analyst > Secfence Technologies > www.secfence.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Thanks and Regards, Vipul Agarwal _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists