Date: Mon, 25 Jan 1999 16:25:40 -0500 From: bandregg@REDHAT.COM Subject: Using Example Domain Names in Exploits To: BUGTRAQ@NETSPACE.ORG On Sun, 24 Jan 1999 20:23:40 -0500, "Tabor J. Wells" wrote: >On Fri, Jan 22, 1999 at 08:58:33PM -0000, >mnemonix <mnemonix@GLOBALNET.CO.UK> is thought to have said: > >> In all versions of IIS, where a website has been configured to interpret >> perl scripts using the perl executable (perl.exe), a problem exists where a >> request for a non-existent file will return the physical location on a disk >> of a web directory. A request for: >> >> http://www.server.com/scripts/no-such-file.pl > >I really wish people wouldn't do this. www.server.com is a legitimate >site (it's hosted on my network) and they certainly don't run IIS. The domains example.com, example.org, and example.net have all been reserved by IANA and NIC for just this purpose. Use them. -- Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software "Gee, I'm glad you're around to tell me the almighty-truth[tm]." -- Patrick J. Volkerding