`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IronWall webserver 7.41 directory traversal
[-
## Software ##
App: IronWall Webserver
Version: 7.41 stable (others not tested)
Platform: win32
## Background ##
IronWall webserver is a small web server for win32 systems.
It can be downloaded totally free at softonic/tucows, and its developers seem
to be inactive.
## Vulns ##
1.- If it is installed with default options, it serves any file on any drive of
the computer where it is installed,
because no root path is defined by default.
Sample:
http://www.server.com/path/to/file.ext
This is not a bug, but it's a big security problem.
2.- When a root path is defined, you still have access to full drives. Just
add 3 or more dots (...) as a path
in the URL. This sets the drive where the server is installed as the root path, and gives
access to every file.
Sample:
http://www.server.com/...../path/to/file.ext
## Vendor status ##
Vendor was notified on 2005-12-08 without answer.
- -]
note: softonic at 03/09/2005 (19.886 downloads), 2nd pos sorted by
downloads.
* thanks to make-bzimage.net *
* M4ntr4... we know you're reading it! *
zdump (at) make-bzimage (dot) net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFDxGTcICM1ozzFv7sRAg2UAKCARky1hT/z0hlrOYtI7oHmQGWqyQCfXCSG
oxbVdYiRv1cGSDZieXCwUqg=
=pM7s
-----END PGP SIGNATURE-----
--
hwclock (at) gmail (dot) com
GPG ID: 0x3CC5BFBB
GPG Srv: pgp.rediris.es
`
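A server-side check that would refuse the request shown in item 2, given here as an added example and not as IronWall's code or the advisory author's. The document root `C:\IronWall\htdocs` and the function name `resolve_request_path` are hypothetical; `ntpath` is used so that Windows path rules apply on any platform.

```python
import ntpath
import re
from urllib.parse import unquote

# Hypothetical document root, for illustration only.
DOC_ROOT = r"C:\IronWall\htdocs"


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Map a URL path to a file under doc_root; return None to refuse it."""
    decoded = unquote(url_path)  # decode once, before any checks (%2e -> ".")
    if "\x00" in decoded:
        return None
    # Split on both separators, since Windows accepts either one.
    segments = [s for s in re.split(r"[\\/]+", decoded) if s]
    for seg in segments:
        # Refuse ".", "..", "..." and longer dot runs, trailing spaces included.
        if seg.rstrip(". ") == "":
            return None
        # Refuse drive letters and alternate data stream syntax.
        if ":" in seg:
            return None
    root = ntpath.normpath(doc_root)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Containment check on the normalised result (Windows is case-insensitive).
    if ntpath.commonpath([root, candidate]).lower() != root.lower():
        return None
    return candidate


# Constructed sample requests, modelled on the URLs in the advisory.
SAMPLES = [
    "/path/to/file.ext",
    "/...../path/to/file.ext",
    "/%2e%2e%2e/path/to/file.ext",
    "/C:/path/to/file.ext",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:35} -> {resolve_request_path(path)}")
```

Item 1 is a configuration problem rather than a parsing one: a check like this only helps once a root path is actually set.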