Bugtraq mailing list archives
LocalWEB2000 Directory Traversal Vulnerability
From: SNS Research <vuln-dev () greyhack com>
Date: Fri, 19 Jan 2001 21:41:52 +0100
Strumpf Noir Society Advisories
! Public release !
<--#

-= LocalWEB2000 Directory Traversal Vulnerability =-

Release date: Friday, January 19, 2001

Introduction:

LocalWEB2000 is an HTTP server for the MS Windows suite of operating systems. It's intended for use as an intranet server by small to medium size companies.

LocalWEB2000 is available from http://www.intranet-server.co.uk

Problem:

Adding the string "../" to a URL allows an attacker access to files outside of the webserver's publishing directory. This allows read access to any file on the server.

Example:

http://localhost:80/../../../autoexec.bat

reads the file "autoexec.bat" from the partition's root dir (using default install).

(..)

Solution:

Vendor has been notified, the problem will be fixed in a future release.

This was tested against LocalWEB2000 v1.1.0.

yadayadayada

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html) compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!
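
Added example (not part of the SNS advisory and not LocalWEB2000 code): the class of check whose absence the advisory describes, shown as an unchecked path join beside a containment check against the publishing directory. The function names and the temporary directory layout are constructed for illustration, and the check goes beyond the literal "../" to cover percent-encoded and backslash forms of the same request.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_naive(docroot, url):
    """Flawed pattern: the request path is appended to the docroot unchecked."""
    return os.path.normpath(docroot + urlsplit(url).path)


def resolve_checked(docroot, url):
    """Return the on-disk path for url, or None if it leaves docroot."""
    # Decode once and treat "\" like "/", since Windows accepts both separators.
    path = unquote(urlsplit(url).path).replace("\\", "/")
    if "\x00" in path:
        return None
    root = os.path.realpath(docroot)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drive letters on Windows
        inside = False
    return candidate if inside else None


def demo():
    """Constructed layout: <base>/autoexec.bat sits three levels above the docroot."""
    base = os.path.realpath(tempfile.mkdtemp())
    docroot = os.path.join(base, "a", "b", "wwwroot")
    os.makedirs(docroot)
    outside = os.path.join(base, "autoexec.bat")
    for name in (outside, os.path.join(docroot, "index.html")):
        open(name, "w").close()
    advisory_url = "http://localhost:80/../../../autoexec.bat"
    variants = [advisory_url,
                "http://localhost:80/%2e%2e/%2e%2e/%2e%2e/autoexec.bat",
                "http://localhost:80/..\\..\\..\\autoexec.bat"]
    return {
        "outside_file": outside,
        "naive": resolve_naive(docroot, advisory_url),
        "checked": [resolve_checked(docroot, u) for u in variants],
        "allowed": resolve_checked(docroot, "http://localhost:80/index.html"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The naive join resolves the advisory's URL to the file above the publishing directory, while the checked version returns None for all three request forms and still serves index.html.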