Home page logo
/

bugtraq logo Bugtraq mailing list archives

double dot vulnerability on a site running Informix database.
From: Beck Mr.R <bug_hunt () hotmail com>
Date: 22 Nov 2001 11:09:14 -0000

Mailer: SecurityFocus

I found a doubledot vulnerability on a site running 
Informix database. I can read of any file on the 
system by putting /../ into the url. But so far I have 
only found two sites with this problem. 
The site is running Netscape-Enterprise/4.0 on 
Solaris according to Netcraft.com

On the site All image files are linked like this:
http://site.com/ifx/?
LO=00000001a6b7c8d900000003000000030004334d
38e02543000000000001eb800000000000000000000
0000000000000000000000000000000000000000000
000000000000000000 

This is a part of fetching an image from the 
wbBinaries system table. The Web DataBlade 
Module provides wbBinaries for storing large binary 
resources such as images, sounds, and videos.  

But if I want to get the content of etc directory:
http://site.com/ifx/?LO=../../../etc/

or even: 
http://site.com/ifx/?LO=../../../etc/passwd


So, is this a widespead bug?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]