IIS /..\.. PROBLEMS
A URL such as 'http://www.domain.com/..\..' allows you to browse and download files outside of the webserver content root directory.
A URL such as 'http://www.domain.com/scripts..\..\scriptname' allows you to execute a target script.
By default, the user 'Guest' or 'IUSR_MACHINENAME' has read access to all files on an NT disk. These files can be browsed, executed or downloaded by wandering guests.
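A server-side check for the request paths described above, as an added example (not code from the original advisory or from IIS). It contrasts a filter that only looks for '../' with one that splits on both separators before mapping the request under the content root. The content root path, the function names and the sample request paths other than the two quoted above are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import unquote

CONTENT_ROOT = r"C:\InetPub\wwwroot"  # assumed content root, illustration only


def naive_is_safe(url_path):
    """Weak check: only looks for the forward-slash form of traversal."""
    return "../" not in url_path


def resolve_request(url_path, root=CONTENT_ROOT):
    """Return the file path under root for url_path, or None to refuse it."""
    decoded = unquote(url_path)
    # Windows accepts both '/' and '\' as separators, so split on both.
    segments = [s for s in re.split(r"[/\\]+", decoded) if s]
    for seg in segments:
        # Refuse parent references, drive or stream colons, and names ending
        # in '.' or ' ' (Win32 name handling can strip trailing dots and
        # spaces, so a segment like "scripts.." is not taken at face value).
        if seg == ".." or ":" in seg or seg[-1] in ". ":
            return None
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    root_norm = ntpath.normpath(root)
    # Containment check as a second layer; NT paths are case-insensitive.
    inside = candidate.lower() == root_norm.lower() or candidate.lower().startswith(
        root_norm.lower() + "\\"
    )
    return candidate if inside else None
```

The path check does not replace fixing the file permissions: with 'Guest' or 'IUSR_MACHINENAME' restricted to the content directories, a request that slips past the filter still cannot read the rest of the disk.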