[19267] in bugtraq
WEBactive HTTP Server 1.0 Directory Traversal
daemon@ATHENA.MIT.EDU (slipy@B10Z.NET)
Fri Feb 16 18:08:49 2001
Message-Id: <20010216192058.20683.qmail@securityfocus.com>
Date: Fri, 16 Feb 2001 19:20:58 -0000
Reply-To: slipy@B10Z.NET
From: slipy@B10Z.NET
To: BUGTRAQ@SECURITYFOCUS.COM
Introduction:
ITAfrica's WEBactive HTTP Server 1.00 is an
HTTP/1.00-compliant World Wide Web server
daemon for Windows 95 or Windows NT, specifically
designed for the SOHO (Small Office/Home)
environment. It will operate on any TCP/IP
connection to the Internet, whether via temporary dial-up
or permanent leased-line connectivity.
The vendor's website is:
*unknown*
Download Package at:
ftp://ftp.euro.net/d3/Windows/winsock-l/Windows95/Daemons/HTTPD/activ100.zip
Problem: Simple Directory Traversal
Adding the string "/../" to a URL allows an attacker to
view any file on the server, provided the attacker knows
where the file is located. Only Win9x & NT are
affected.
Examples:
http://www.VULNERABLE.com/../../../scandisk.log
^^ = Will obviously open the scandisk.log file.
Note: The ../'s depend on where the httpd is installed
and what file you are attempting to view. I was
debating whether to publish this hole or not because it appears
the company is no longer in service and wasn't a very
popular httpd in the first place, but c0n@efnet talked
me into it despite my objection.
Solution:
Vendor would have been contacted if I could have
found their email. In the meantime, switch to a
different httpd program to host your home page off of
your Microsoft (c) operating system. (or switch to a
better OS!)
--------------------
b10z cgi advisory.
slipy@b10z.net
February 16th, 2001.
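
The check a server needs in order to refuse the "/../" request shown above, as an added example that is not part of the original advisory or the vendor's code: the request path is decoded, canonicalized with Windows path rules, and served only if the result still lies under the document root. It goes beyond the advisory's single case to cover percent-encoded dots, backslash separators and drive letters. The document root `C:\webactive\htdocs` and the function name are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for string-level checks
from urllib.parse import unquote, urlsplit

# Constructed document root (assumption; the advisory does not give the install path).
DOCROOT = r"C:\webactive\htdocs"


def resolve_request_path(target, docroot=DOCROOT):
    """Map a request target to a path under docroot; return None if it escapes."""
    # Keep only the path component and decode percent-escapes once.
    path = unquote(urlsplit(target).path)
    if "\x00" in path:
        return None
    # Windows accepts both separators, so treat "/" and "\" the same way.
    rel = path.replace("/", "\\").lstrip("\\")
    # A drive letter in the request would make join() discard the docroot.
    drive, _ = ntpath.splitdrive(rel)
    if drive:
        return None
    root = ntpath.normcase(ntpath.normpath(docroot))
    # normpath collapses "." and ".." so the comparison sees the real target.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, rel)))
    # Compare against root plus a separator so a sibling directory such as
    # "htdocs2" is not accepted by a bare prefix match.
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests, including the one from the advisory.
    samples = [
        "/index.html",
        "/docs/../index.html",
        "http://www.VULNERABLE.com/../../../scandisk.log",
        "/%2e%2e/%2e%2e/%2e%2e/scandisk.log",
        "/..\\..\\..\\scandisk.log",
        "/../htdocs2/secret.txt",
        "/C:/scandisk.log",
    ]
    for s in samples:
        print(f"{s!r:55} -> {resolve_request_path(s)}")
```

This is a string-level check only; a live server should also resolve the final path against the real filesystem before opening it.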