[23239] in bugtraq
double dot vulnerability on a site running Informix database.
daemon@ATHENA.MIT.EDU (Beck Mr.R)
Fri Nov 23 18:36:21 2001
Date: 22 Nov 2001 11:09:14 -0000
Message-ID: <20011122110914.19841.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "Beck Mr.R" <bug_hunt@hotmail.com>
To: bugtraq@securityfocus.com
Mailer: SecurityFocus
I found a doubledot vulnerability on a site running
Informix database. I can read of any file on the
system by putting /../ into the url. But so far I have
only found two sites with this problem.
The site is running Netscape-Enterprise/4.0 on
Solaris according to Netcraft.com
On the site All image files are linked like this:
http://site.com/ifx/?
LO=00000001a6b7c8d900000003000000030004334d
38e02543000000000001eb800000000000000000000
0000000000000000000000000000000000000000000
000000000000000000
This is a part of fetching an image from the
wbBinaries system table. The Web DataBlade
Module provides wbBinaries for storing large binary
resources such as images, sounds, and videos.
But if I want to get the content of etc directory:
http://site.com/ifx/?LO=../../../etc/
or even:
http://site.com/ifx/?LO=../../../etc/passwd
So, is this a widespead bug?
