Hi! Am Wed, Feb 11, 2004 at 01:49:30PM +0100, Peter J. Holzer wrote: > Right. On Unix "WEB-INF" and "WEB-INF.." are two different, legal file > names. On Windows, trailing dots seem to be ignored, so "WEB-INF" and > "WEB-INF.." are just two names for the same file. This also works if the > filename already has an extension, so for example "foo.html" and > "foo.html....." are the same file, too. Yes and no. At least on my W2K box here it seems to work only for one and two additional dots on the cmd commandline, but not three. (Just to be picky. :-) Another (some kind of obvious) way to exploit the two-dot directory "feature" of Windows under Apache is to bypass <Location ...> based restrictions on directories. e.g. if you have a directory foo in your DocumentRoot and restrict access by <Location "/foo/"> Order deny,allow Deny from all </Location> you can easily access it by requesting http://host/foo../ instead of http://host/foo/, which results in a 403 Forbidden. (It must be a real directory to work, aliasses won't do the trick.) Of course you usually won't lock up directories with <Location ...>, but a there other cases, where you would use <Location ...> in favor of <Directory ...> or <Files ...>. Kind regards, Axel Beckert -- ------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh it security solutions * web applications with apache and perl Mail: Tulpenstrasse 5 D-55276 Dienheim near Mainz E-Mail: beckert@ecos.de Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-333 ------------------------------------------------------------- Visit us at CeBIT (18. - 24. March 2004) Halle 6 Stand B38-452 --------------------------------------------------------------
