Hiawatha on windows searches for and sends dangerous files
Marius Dinu
6 December 2015, 20:33
Hello.
I belive there is a bug in Hiawahta version 9.9 for windows.
My index files are defined as "Main.htm". On my system, if Main.htm does not exist, hiawatha will search for these files:
Main.htm.exe
Main.htm.lnk
Main.htm.exe.lnk
If any is found, it is sent to the client.
Hiawatha also searches for:
.hiawatha (the normal config file for the directory)
.hiawatha.exe
.hiawatha.lnk
.hiawatha.exe.lnk
And it searches for .exe, .lnk and .exe.lnk variants every time a missing file is requested.
The good thing is that these files are sent with MIME type text/html or whatever the requested file was, and probably most browsers will not ask the user to save or run the file even if that file is a true executable.
Hugo Leisink
9 December 2015, 01:27
This is not a bug in Hiawatha, but some weird fucked up Windows 'feature'. This is exactly the reason why I mention 'use at your own risk' for the Windows package at the download page. Windows... bah! But thanks for reporting, I'll see what I can do to work around this bullshit crap.
This topic has been closed.