[25220] in bugtraq
Lil' HTTP Server Directory Traversal Vulnerability
daemon@ATHENA.MIT.EDU (Matthew Murphy)
Tue Apr 23 00:57:44 2002
Message-ID: <000501c1e945$4900f7e0$dd301c41@kc.rr.com>
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: <news@securiteam.com>, <bugtraq@securityfocus.com>
Date: Sun, 21 Apr 2002 10:00:32 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Lil' HTTP Server is a Windows HTTP server that packs several features into
a relatively compact application. It is vulnerable to a classic (stupid)
directory traversal attack:
http://[target]/../../windows/win.ini
This link reads WIN.INI on Windows 95/98/Me; with a slight modification
("winnt" instead of "windows") it does the same on an NT box.
Scott Slater, the author of the tool, assured me that "we will look into
this and update it very soon". This is encouraging to me, but the ease with
which this attack is conducted scares me.
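A defender's check for the traversal shown above, added here as an example that is not part of the advisory or of Lil' HTTP Server's code: it resolves a request path against an assumed document root (the hypothetical /srv/www/htdocs), rejects anything that escapes it, and flags such requests in constructed access-log lines.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root (hypothetical; POSIX-style so the example runs anywhere).
DOCROOT = "/srv/www/htdocs"


def resolve_request_path(docroot, request_path):
    """Map an HTTP request path to a file under docroot.

    Returns the resolved absolute path, or None when the request would
    escape docroot. The query string is dropped, the path is percent-decoded
    and backslashes are folded to '/' before normalisation, because a
    Windows server treats both as separators and '..' may arrive encoded.
    """
    path_only = request_path.split("?", 1)[0]
    decoded = unquote(path_only).replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    # Containment check: the result must be docroot itself or strictly below it.
    if candidate != docroot and not candidate.startswith(docroot + "/"):
        return None
    return candidate


def flag_traversal_requests(log_lines):
    """Return request paths from access-log lines that would escape DOCROOT.

    Lines are assumed to be in common log format, where the request line
    ('GET /path HTTP/1.0') is the first double-quoted field.
    """
    flagged = []
    for line in log_lines:
        try:
            request = line.split('"')[1]
            path = request.split()[1]
        except IndexError:
            continue  # malformed line; nothing to resolve
        if resolve_request_path(DOCROOT, path) is None:
            flagged.append(path)
    return flagged


# Constructed sample log lines (not real traffic), mirroring the advisory's request.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Apr/2002:10:00:32 -0500] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [21/Apr/2002:10:00:40 -0500] "GET /../../windows/win.ini HTTP/1.0" 200 440',
    '192.0.2.10 - - [21/Apr/2002:10:00:45 -0500] "GET /%2e%2e/%2e%2e/winnt/win.ini HTTP/1.0" 200 440',
    '192.0.2.10 - - [21/Apr/2002:10:00:50 -0500] "GET /docs/..\\..\\..\\windows\\win.ini HTTP/1.0" 200 440',
]

if __name__ == "__main__":
    for path in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", path)
```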