Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Busy box httpd file traversal vulenrability

From: bug-finder () hotmail com
Date: 16 Sep 2006 16:07:27 -0000
a file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this 
http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have tested with busy box 1.01 and I dont know if 
other versions are vulenrable
Previous By Date Next
Previous By Thread Next

Current thread: