oss-sec mailing list archives
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability
From: The Doctor <drwho () virtadpt net>
Date: Wed, 22 May 2013 12:50:18 -0400
On 05/22/2013 09:29 AM, Vitezslav Cizek wrote:
> Are you sure? I fail to reproduce the problem. How do you use lynx?
> Do you prepend "http://" to the url? Otherwise lynx won't connect over
> network and will default to local filesystem. For example:
>
> $ lynx -dump "google.com:80/../../../../etc/passwd"
>
> will get you your local /etc/passwd

For what it's worth, I'm getting the same results with the same version of thttpd.

$ lynx -dump drwho.virtadpt.net:80/../../../../../../../../etc/passwd
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
operator:*:2:5:System &:/operator:/sbin/nologin
bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin
smmsp:*:25:25:Sendmail Message Submission Program:/nonexistent:/sbin/nologin
popa3d:*:26:26:POP3 Server:/var/empty:/sbin/nologin
sshd:*:27:27:sshd privsep:/var/empty:/sbin/nologin
...blah blah blah...

versus:

$ lynx -dump http://drwho.virtadpt.net:80/../../../../../../../../etc/passwd
Bad Request
Your browser sent a request that this server could not understand.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Am I missing an eyebrow?"
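A way to check such a report without the lynx pitfall the thread describes, as an added example that is not from the thread or from the thttpd project: it writes the request bytes to a real TCP connection exactly as given (no client-side normalisation of the "../" segments, and no chance of reading the local filesystem) and reports only the status code the server answers with. The stub server, the 127.0.0.1 address and the ephemeral port are constructed so it runs offline; the stub's "400 on any '..' segment" rule stands in for the Bad Request reply shown above and is not thttpd's code.

```python
import socket
import socketserver
import threading

def build_request(host: str, path: str) -> bytes:
    """Raw HTTP/1.0 request; the path goes on the wire exactly as given."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /../../etc/passwd")
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def parse_status(response: bytes) -> int:
    """Status code from a raw HTTP response, or 0 if the status line is malformed."""
    parts = response.split(b"\r\n", 1)[0].split(b" ")
    return int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else 0

def probe(host: str, port: int, path: str, timeout: float = 5.0) -> int:
    """Send the request over a real TCP connection and return the server's status."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, path))
        response = b""
        while b"\r\n" not in response:
            chunk = sock.recv(4096)
            if not chunk:
                break
            response += chunk
    return parse_status(response)

class _StubHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for thttpd (offline use only): 400 on any '..' segment."""
    def handle(self):
        request_line = self.rfile.readline().decode("ascii", "replace")
        while self.rfile.readline() not in (b"\r\n", b"\n", b""):
            pass  # drain the remaining headers before answering
        path = request_line.split(" ")[1] if " " in request_line else "/"
        status = "400 Bad Request" if ".." in path.split("/") else "200 OK"
        self.wfile.write(f"HTTP/1.0 {status}\r\nContent-Length: 0\r\n\r\n".encode("ascii"))

def run_stub_server() -> tuple:
    """Start the stub on an ephemeral localhost port; returns (server, port)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

if __name__ == "__main__":
    server, port = run_stub_server()
    print(probe("127.0.0.1", port, "/../../../../etc/passwd"))  # 400
    print(probe("127.0.0.1", port, "/index.html"))  # 200
    server.shutdown()
```

Point probe() at a real host and port to see what that server actually answers; a 400 as in the thread means the request reached the server and was rejected, not that a file was served.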
Current thread:
- Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)