[isalist] RES: Re: RES:Re: Users using IE 7 can list all the content of an FTP Folder

  • From: "Nivaldo Soraggi Fernandes \(ASABH\)" <nivaldo@xxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 27 Dec 2006 21:00:32 -0200

I´m doing the captures right now. Just one updated info. If I use windows 
explorer to open my ftp site, every thing works just fine.

 

Once I have collected the logs I´ll send it to you....

 

tks for the help Jim.

--------------------------

 

Get network captures at the test clients.

Make a package of the IIS logs of the captures and send them to the list or to 
me if privacy is an issue (it better be).

It’s possible you’ve discovered a bug in IE7, but with only anecdotal 
evidence, there’s nothing to back your claim.

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nivaldo Soraggi Fernandes (ASABH)
Sent: Wednesday, December 27, 2006 1:23 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] RES:Re: Users using IE 7 can list all the content of an FTP 
Folder

 

    I have only my FTP log files, in the log I can see that first IE tries to 
log with an anonymous user, than if it fails it asks for a user, but this entry 
are logged even when I trie to access trough an IE 6.0. I have made tests with 
another IIS server (5.0) placed in another enterprise that i work for, and I 
got the same result. I have tried other forums and I found only one guy with 
the similar issue, but no one knew how to help him.

 

    I made another test changing the configuration of my FTP insteado of 
isolate the user, i follow the default configuration, where i have to manually 
specify where the folder of each users are. In this configuration i have no 
troubles. The problem is that i host web pages for a great number of clients, 
and the idea of configuring each FTP to each website makes me nuts...heheh

 

  _____  

De: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] Em nome 
de Jim Harrison
Enviada em: quarta-feira, 27 de dezembro de 2006 19:18
Para: isalist@xxxxxxxxxxxxx
Assunto: [SPAM] - [isalist] Re: Users using IE 7 can list all the content of an 
FTP Folder - Email found in subject

Got captures?

If you can access & modify all folders within the FTP site from IE7 and IE6 
behaves differently, then it seems that you’re authenticating somewhere along 
the line.

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nivaldo Soraggi Fernandes (ASABH)
Sent: Wednesday, December 27, 2006 1:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Users using IE 7 can list all the content of an FTP Folder
Importance: High

 

    Hi guys, I know this isn't your focus, but I'm posting this question here 
for two reasons, the first is because i Trust in your knowledge, and the second 
because, maybe someone is having the same problem that i'm having. 

 

    What is happening is that users tha have Internet Explorer 7.0 can access 
all the contents of my FTP site. I have configured my FTP (IIS  6.0) to isolate 
users, so in that way if I enter my ftp website with the user TESTE, the only 
content that i see is the content inside the folder TESTE placed in my FTP 
Site. This functions perfectly in versions of IE that are not the 7.0. In IE 
7.0 when i access the site with the user TESTE (ieg.) it returns to me all the 
folders in the root directory, and worst, i can view and modify any file 
beneath the root folder.

 

    Now can anyone tell me is that a serious flaw in IE?? in IIS?? Or I am 
missconfiguring something (I allready checked all the security configurations)

 

PS:. I'm not allowing anonymous access in FTP access.

 

Tks to all,

Nivaldo Soraggi Fernandes

MCP 

70-290 - 70291

 

 

All mail to and from this domain is GFI-scanned.

All mail to and from this domain is GFI-scanned.

Other related posts: