Home page logo

bugtraq logo Bugtraq mailing list archives

Re: double dot vulnerability on a site running Informix database.
From: Joel Michael <joel () diggy com au>
Date: 27 Nov 2001 10:32:30 +1000

On Thu, 2001-11-22 at 21:09, Beck Mr.R wrote:
I found a doubledot vulnerability on a site running 
Informix database. I can read of any file on the 
system by putting /../ into the url. But so far I have 
only found two sites with this problem. 
The site is running Netscape-Enterprise/4.0 on 
Solaris according to Netcraft.com

I have tested this on Apache 1.3.12/Solaris 7/webdriver 4.10.UC1,
Netscape Enterprise 3.6/NT4/webdriver 4.10.TC1, IIS 5.0/Win2K/webdriver
4.11.TC1, Apache 1.3.12/Linux/webdriver 4.10.UC1, running on Informix
Universal Server 9.2x on Linux, NT4 and Win2K with the web datablade
4.x.  All do not have this problem.

All the platforms I have tested simply close the connection immediately,
giving a zero-sized reply.  I also tested using MIvalObj= instead of
LO=, MIvalObj gives a 500 reply.

Do you know which version of the webdriver is this affecting?  As I have
tested a few different versions in the 4.1x series, maybe this only
applies to the 3.x series, the 4.0x series or a newer version which I do
not yet have?

Can you give any more details about the configuration of the web server?
Joel Michael
Systems Administrator
Worldhosting.org Pty. Ltd.

Ph: +61 7 3367 3555
Fax: +61 7 3367 3544
Mobile: +61 408 336 728

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]