mailing list archives
Sybex E-Trainer Directory Traversal Vulnerability
From: "ZeroBreak" <ZeroBreak () softhome net>
Date: Sat, 9 Feb 2002 19:20:43 -0500
Author: ZeroBreak (zerobreak () softhome net)
Software: Sybex E-Trainer
Sybex E-Trainer's are computer based training courses. They run through
web interface using your web browser. When you launch the course, it
it's own web server and launch's your default web browser that connects
you locally on the default http server port, 80. When you close your
browser the web server also shut's down.
The vulnerability that takes place is the infamous ".." directory
traversal. With a specially crafted request to the web server you can
any file on the target's computer under the logged in users permissions.
The request is in the format of:
The web server is only running when a user runs the e-trainer course.
the user closes the browser the web server also shuts down. However if
user opens the e-trainer and uses the same browser window to start
other websites, the web server will stay open. This could cause the
vulnerable server to be running for an even longer period of time. It
should also be noted that this web server has not logging features and
is open to any connection requests. Not just from the local host.
You got a web browser don't you?
I shot an email to Sybex on the 5th, but haven’t gotten a response
back. Although my email provider has been having trouble lately.
This is not a huge vulnerability, but it depends how you look at it. It
easily take an otherwise secured system and leave it wide open for
intruders. Leaking sensitive or potentially confidential information.
- Sybex E-Trainer Directory Traversal Vulnerability ZeroBreak (Feb 11)