[19094] in bugtraq


Vulnerability in AOLserver

daemon@ATHENA.MIT.EDU (Bob Rogers)
Thu Feb 8 20:39:08 2001

MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <14979.9180.168189.558707@h0050da615e79.ne.mediaone.net>
Date:         Thu, 8 Feb 2001 17:55:23 -0500
Reply-To: Bob Rogers <rogers-bugtraq@RGRJR.DYNDNS.ORG>
From: Bob Rogers <rogers-bugtraq@RGRJR.DYNDNS.ORG>
X-To:         joetesta@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200102060730.XAA00736@user7.hushmail.com>

   From: joetesta@HUSHMAIL.COM
   Date:         Tue, 6 Feb 2001 02:31:40 -0800

   . . .
   AOLserver v3.2 is a web server available from http://www.aolserver.com.
   A vulnerability exists which allows a remote user to break out of the
   web root using relative paths (i.e., '...').

       Details

   AOLserver checks the requested virtual path for any double dots ('..'),
   and returns a 'Not Found' error page if any are present.  However, it
   does not check for triple dots ('...').  Here is an example URL:

	   http://localhost:8000/.../[file outside web root]

   Note that this vulnerability has only been tested on the latest stable
   release (v3.2) for the Win32 platform.
   . . .

AOLserver v3.2 on Linux (RH 6.0) does not appear to be vulnerable.
OS-dependent code?

					-- Bob Rogers
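The advisory quoted above describes a check that looks for '..' components in the request string, which is why a '...' component slips through on a platform whose filesystem treats it specially. The following added example (not AOLserver code, and not from either poster) contrasts that style of string blocklist with the usual mitigation: resolve the path with the operating system's own resolver and then verify the result still lies under the document root. The root directory path is an assumed placeholder; the '...' semantics of Win32 are not reproduced here, so on a Unix host the canonical check treats '...' as an ordinary directory name, matching the Linux observation in the reply.

```python
import os

# Assumed document root for the demonstration (placeholder, need not exist).
WEB_ROOT = "/tmp/www_root"


def split_components(virtual_path: str) -> list:
    """Split a URL path on '/' and drop empty components ('' from '//' or a
    leading slash), mirroring how a server walks the virtual path."""
    return [c for c in virtual_path.split("/") if c]


def blocklist_allows(virtual_path: str) -> bool:
    """String-level check in the style the advisory describes: refuse the
    request only when some component is exactly '..'.  It decides on the
    request text, so any spelling of 'parent directory' it does not know
    about (the '...' case on Win32) is accepted unchanged."""
    return all(c != ".." for c in split_components(virtual_path))


def canonical_allows(virtual_path: str, root: str = WEB_ROOT) -> bool:
    """Containment check: join the components under the root, let the OS
    resolver canonicalize the result ('..', symlinks and platform-specific
    component spellings are handled by the same code that will open the
    file), then require the resolved path to sit under the resolved root."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(
        os.path.join(root_real, *split_components(virtual_path)))
    try:
        return os.path.commonpath([root_real, target]) == root_real
    except ValueError:
        # Raised when the two paths share no common prefix at all
        # (e.g. different drives on Windows): treat as outside the root.
        return False


def decide(virtual_path: str) -> dict:
    """Return both verdicts for one request so the two checks can be compared
    side by side on the same input."""
    return {
        "blocklist": blocklist_allows(virtual_path),
        "canonical": canonical_allows(virtual_path),
    }
```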
