[23265] in bugtraq

Re: double dot vulnerability on a site running Informix database.

daemon@ATHENA.MIT.EDU (Joel Michael)
Tue Nov 27 15:50:59 2001

X-Qmail-Scanner-Mail-From: joel@diggy.com.au via mail1.us.worldhosting.org
X-Qmail-Scanner-Rcpt-To: bug_hunt@hotmail.com,bugtraq@securityfocus.com
From: Joel Michael <joel@diggy.com.au>
To: "Beck Mr.R" <bug_hunt@hotmail.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20011122110914.19841.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: 27 Nov 2001 10:32:30 +1000
Message-Id: <1006821153.30940.1.camel@joel>
Mime-Version: 1.0

On Thu, 2001-11-22 at 21:09, Beck Mr.R wrote:
> I found a doubledot vulnerability on a site running 
> Informix database. I can read any file on the
> system by putting /../ into the url. But so far I have 
> only found two sites with this problem. 
> The site is running Netscape-Enterprise/4.0 on 
> Solaris according to Netcraft.com
> 
I have tested this on Apache 1.3.12/Solaris 7/webdriver 4.10.UC1,
Netscape Enterprise 3.6/NT4/webdriver 4.10.TC1, IIS 5.0/Win2K/webdriver
4.11.TC1, Apache 1.3.12/Linux/webdriver 4.10.UC1, running on Informix
Universal Server 9.2x on Linux, NT4 and Win2K with the web datablade
4.x.  All do not have this problem.

All the platforms I have tested simply close the connection immediately,
giving a zero-sized reply.  I also tested using MIvalObj= instead of
LO=; MIvalObj gives a 500 reply.

Do you know which version of the webdriver this is affecting?  As I have
tested a few different versions in the 4.1x series, maybe this only
applies to the 3.x series, the 4.0x series or a newer version which I do
not yet have?

Can you give any more details about the configuration of the web server?
-- 
Joel Michael
Systems Administrator
Worldhosting.org Pty. Ltd.

Ph: +61 7 3367 3555
Fax: +61 7 3367 3544
Mobile: +61 408 336 728

