It appears that I may have been a little premature with this post.
With the help of a few of the other firewalls subscribers, hopefully we'll
trudge this problem (i.e. Guess we need to RTFM :). Will keep up to date.
Regards,
Joe
At 04:22 PM 12/5/96 -0500, oolid @ acqic . org (Joseph L. Moll) wrote:
>Hello all:
>
>We have noticed a little problem with IIS 2.0 and were wondering if the
>problem also exists in IIS 3.0.
>
>It seems that anyone can browse any files in the cgi-bin directory on
>the server. For example, browse this on your IIS web host:
>
>http://your.domain.here/cgi-bin/my_cgi.ini
>
>The only catch is that you have to know the name of the file. Good ole
>security by obscurity?
>
>IIS 2.0 in conjunction with M$ Internet Exploder passes the end user's domain
>and username to the IIS for access. Gets logged in the log file as
>DOMAIN\USERNAME.
>
>Anyone else observed this slight problem?
>
>
>Regards,
>---
>Joseph L. (Joe) Moll -- Network and Communications Engineering
>mailto:jmoll @ acquion . com http://www.acquion.com
>ACQUION, Inc. Greenville, SC USA -- Specialists in Electronic Commerce
>PGP Fingerprint = 8D E7 F0 E8 8D 67 A8 19 02 CB 83 0F 19 41 D3 A9
>
>