> >Hi All - > >Personal Web Server is, of course, not intended to host web sites on the >Internet. It's only intended to be used in protected environments such >as home networks and the like. If you're hosting an Internet site, IIS >is the appropriate product to use. Regards, > >Scott Culp >Security Program Manager >Microsoft Security Response Center > Interesting, because your web site says specifically that both Personal Web Server and Peer Web Services CAN be used for Internet-accessible web sites. Take a look... http://msdn.microsoft.com/library/officedev/office97/settinguppersonalwebserver.htm Regards, Zack Link >-----Original Message----- >From: Dinos Pastos [mailto:[EMAIL PROTECTED]] >Sent: Sunday, March 18, 2001 2:16 AM >To: [EMAIL PROTECTED] >Subject: Microsoft - Personal Web Server Extended UNICODE Directory >Traversal Vulnerability > > >Hi all... > >Just wanted to point out that while testing my Default installation of >Windows 98 running Microsoft Personal Web Server that came with the >Windows98 SE CD I discovered that the famous IIS 4/5 Unicode Directory >Traversal Vulnerability applies also to this Server just as bad as in >IIS. > >The exploit method is the same : >http://PWS-server/scripts/..%c1%9c../windows/notepad.exe > >I wont go in to detail on how to exploit a Windows machine... (Sorry >script kiddies)... > >Patches: Dunno. >Quickfixes: Use Linux. > >Dinos Pastos - [EMAIL PROTECTED] >Security Advisor
