mailing list archives
double dot vulnerability on a site running Informix database.
From: Beck Mr.R <bug_hunt () hotmail com>
Date: 22 Nov 2001 11:09:14 -0000
I found a doubledot vulnerability on a site running
Informix database. I can read of any file on the
system by putting /../ into the url. But so far I have
only found two sites with this problem.
The site is running Netscape-Enterprise/4.0 on
Solaris according to Netcraft.com
On the site All image files are linked like this:
This is a part of fetching an image from the
wbBinaries system table. The Web DataBlade
Module provides wbBinaries for storing large binary
resources such as images, sounds, and videos.
But if I want to get the content of etc directory:
So, is this a widespead bug?
- double dot vulnerability on a site running Informix database. Beck Mr . R (Nov 23)