advisory

2002-09-05T00:00:00
ID SECURITYVULNS:DOC:3460
Type securityvulns
Reporter Securityvulns
Modified 2002-09-05T00:00:00

Description

----------- UkR security team advisory ------------ WebServer 4 Everyone directory traversal bug -----------------------------------------------------

Name: WebServer 4 Everyone directory traversal bug Date: 28.08.2002 Author: UkR-XblP/ UkR security team/ http://ust.dp.ua Application: WebServer 4 Everyone Version: 1.22 URL: http://www.freeware.lt/ Risk: An attacker can view every file in the remote sys About: WebServer 4 Everyone is a commercial webserver that runs on Win32 systems. Bug: problem is caused by the character '\' (%5c) that is not checked as bad character, so the server follow the path in the URI that the attacker give until it reach the file requested. Exploits: http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini or GET /\..\..\..\..\..\boot.ini HTTP/1.0 This last is an HTTP request that can be sent with telnet because some browsers can modify the "\.." chars.

Greetz: 2 Nadya Ostafiychuk - happy birthday !!! ;)

Professional hosting for everyone - http://www.host.ru