COMMAND
PWS
SYSTEMS AFFECTED
PWS
PROBLEM
Felipe Moniz found following. He tested this in the PWS (based
on IIS 4) and it worked. He created a file called
"clientlist2001.txt" and with client~1.txt
(www.site.com/client~1.txt). You get the clientlist2001.txt
without know the complete name of the file. The problem occurs
also when You type "postin~1.htm" for access "postinfo.html" file.
PWS is vulnerable, IIS 4.0 and Sambar Server apparently no, but
certainly other win32 web servers are vulnerable. All long
filenames, directories and files with long extensions are
vulnerable.
SOLUTION
This is a known problem. There is a switch that can be thrown
that does not generate the MSDOS names on NTFS partitions:
Hive: HKEY_LOCAL_MACHINE\SYSTEM
Key: \CurrentControlSet\Control\FileSystem
Name: NtfsDisable8dot3NameCreation
Type: REG_DWORD
Value: 1 (turns off 8.3 name generation, only 16 bit need).
Credits
-- UnKnown --
|