WEBactive HTTP Server 1.0 Directory Traversal

[slipy () B10Z NET]

Introduction:

ITAfrica's WEBactive HTTP Server 1.00 is an 
HTTP/1.00-compliant World Wide Web server 
daemon for Windows 95 or Windows NT, specifically 
designed for the SOHO (Small Office/Home) 
environment. It will operate on any TCP/IP  
connection to the Internet, whether via temporary dial-
up or permanent  leased-line connectivity. 


The Vendors website is:
*unknown*

Download Package at:
ftp://ftp.euro.net/d3/Windows/winsock-
l/Windows95/Daemons/HTTPD/activ100.zip 


Problem: Simple Directory Traversal

Adding the string "/../" to an URL allows an attacker to 
view any file on the server provided you know where 
the file is at in the first place. Only Win9x & NT are 
affected.


Examples:

http://www.VULNERABLE.com/../../../scandisk.log
^^ = Will obviously open the scandisk.log file.


Note: The ../'s depend on where the httpd is installed 
and what file you are attempting to view. I was 
debating to publish this hole or not because it apears 
the company is no longer in service and wasn't a very 
popular httpd in the first place but, c0n@efnet talked 
me into it despite my objection. 


Solution:

Vendor would have been contacted if I could have 
found their email. In the mean time switch to a  
different httpd program to host your home page off of 
your Microsoft (c) operating system. (or switch to a 
better os!)

--------------------
b10z cgi advisory.
slipy () b10z net

February 16th, 2001.