[18727] in bugtraq
LocalWEB2000 Directory Traversal Vulnerability
daemon@ATHENA.MIT.EDU (SNS Research)
Mon Jan 22 19:10:10 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <1152838942.20010119214152@greyhack.com>
Date: Fri, 19 Jan 2001 21:41:52 +0100
Reply-To: SNS Research <vuln-dev@greyhack.com>
From: SNS Research <vuln-dev@greyhack.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Strumpf Noir Society Advisories
! Public release !
<--#
-= LocalWEB2000 Directory Traversal Vulnerability =-
Release date: Friday, January 19, 2001
Introduction:
LocalWEB2000 is a HTTP server for the MS Windows suite of operating
systems. It's intended for use as an intranet server by small to
medium size companies.
LocalWEB2000 is availble from http://www.intranet-server.co.uk
Problem:
Adding the string "../" to an URL allows an attacker access to files
outside of the webserver's publishing directory. This allows read
access to any file on the server.
Example:
http://localhost:80/../../../autoexec.bat reads the file
"autoexec.bat" from the partition's root dir (using default install).
(..)
Solution:
Vendor has been notified, the problem will be fixed in a future
release. This was tested against LocalWEB2000 v1.1.0.
yadayadayada
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
