[24116] in bugtraq
Viewing arbitrary file from the file system using Eshare Expressions 4 server
daemon@ATHENA.MIT.EDU (Alex Forkosh)
Tue Feb 5 12:39:34 2002
From: "Alex Forkosh" <aforkosh@techie.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 5 Feb 2002 00:18:42 -0600
Message-ID: <008501c1ae0c$f6772ad0$6512060a@dumphere.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
There is a bug in Expressions server where you can view any file on the
drive that the server is installed on by using simple ../../
Example:
If eshare server Is installed at:
C:\eshare\expressions
And lets say this is an NT4.0 machine with os installed in c:\winnt
It is possible to pull win.ini file from winnt directory using
Proto://domainname.com/../../../../../winnt/win.ini
Any file can be viewed in the manner.
