Несанкционированный доступ к файлам через Thttpd/Mini_httpd (protection bypass, directory traversal)

Добавив / к имени файла можно получить доступ к файлу паролей или к любому файлу защищенном через .htpasswd...

Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln

Hello, The vendor has already sent out notices and the patches can be found on the vendors homepage listed below. - [email protected] Cgi Security Advisory 6 [email protected] Thttpd and MiniHttpd Webserver Permission Bypass Found November 2001 Public Release November 2001 Vendor Contacted...

CVE-2001-0893

Acme minihttpd before 1.16 allows remote attackers to view sensitive files under the document root such as .htpasswd via a GET request with a trailing /...