oss-sec mailing list archives

CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin

From: Felipe Pena <felipensp () gmail com>
Date: Fri, 14 Jun 2013 14:22:27 -0300

Monkey HTTPD - Mandril security plugin
Mandril is a plugin which provides a security layer to Monkey through
rules which can be applied to the request URI or by network address.

A vulnerability was found in the way as the URI are validated. The plugin check
the configuration rules against possible encoded URIs.

PoC
---

Configuration sample:
[RULES]
Deny_URL /test/

To bypass such rule, we just need to make a request like:
http://yourhost/%2ftest/


Report
------
http://bugs.monkey-project.com/ticket/186


CREDITS
-------
Felipe Pena

--
Regards,
Felipe Pena

Current thread:

CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Felipe Pena (Jun 14)
- Re: CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Kurt Seifried (Jun 14)