Bugtraq mailing list archives
Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re : Dangerous Java/Netscape Security Hole)
From: "Wilson, Brian F" <Brian.Wilson () BNSF COM>
Date: Tue, 8 Aug 2000 11:41:11 -0500
Additional Info...

A simpler traversal option is to click on the "Up to higher level directory" link when browsing the affected machine. This has worked on all of the Windows machines that I've visited with BOHTTPD Spy. I have gotten 'Permission Denied.' messages on some machines that appeared to be *ix platforms when trying to traverse higher than the 'share point'.

-Brian Wilson

-----Original Message-----
From: TAKAGI, Hiromitsu [mailto:takagi () ETL GO JP]
Sent: Tuesday, August 08, 2000 8:43 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)

=====================================================
Brown Orifice HTTPD Directory Traversal Vulnerability
=====================================================

Background
----------

Brown Orifice HTTPD (BOHTTPD) <http://www.brumleve.com/BrownOrifice/> is "a web server and file sharing tool" that runs as a Java Applet in Netscape Navigator.(*1) It was written by Dan Brumleve and was announced in BugTraq a few days ago.

Problem Description
-------------------

Brumleve's demonstration page politely asks users to specify a directory on their computer for public access. However, by specifying "\.." in HTTP requests to the server, an attacker can navigate the server's file system and view/download any files.

For example,

  http://your-ip-address:8080/C:/temp/\../

or

  http://your-ip-address:8080/C:/temp/%5C../   (for Internet Explorer as a client)

will display the contents of the root directory of C: drive of the server's computer.

Affected versions and platforms
-------------------------------

This bug has been verified to be present on the BOHTTPD 0.1 in Netscape Navigator 4.72 for Windows.

Workaround
----------

Do not use BOHTTPD. :-)

(*1) This is also a security hole per se, as you know.

Regards,

--
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/
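The traversal described in the thread works because a share-root check done on the raw request string ("does it start with C:/temp/?") is satisfied by "C:/temp/\../", while the Windows filesystem treats the backslash as a separator and the ".." as a step upward; the %5C form is the same thing percent-encoded. The following is an added example, not code from BOHTTPD or from either poster, showing the naive prefix check beside a resolver that decodes, unifies separators and normalises before comparing against the share root. The share root "C:/temp", the request paths and the function names are assumptions chosen for illustration.

```python
# Added example (not BOHTTPD's code): confining HTTP request paths to a
# configured share root. Share root, request paths and names are assumptions.
import posixpath
from typing import Optional
from urllib.parse import unquote


def naive_prefix_check(share_root: str, request_path: str) -> bool:
    """The kind of check that the thread's examples bypass.

    It compares the raw request string against the share root without
    decoding or normalising, so 'C:/temp/\\../' and 'C:/temp/%5C../' both
    pass even though the filesystem will resolve them above the share.
    """
    return request_path.lstrip("/").startswith(share_root.rstrip("/") + "/")


def _unify(path: str) -> str:
    """Percent-decode once, then treat every backslash as a separator.

    Decoding happens exactly once: a doubly-encoded sequence stays encoded
    and simply fails to name a real file, rather than being decoded twice.
    """
    return unquote(path).replace("\\", "/")


def resolve_request_path(share_root: str, request_path: str) -> Optional[str]:
    """Map an HTTP request path onto a path under share_root.

    Returns the normalised path (with '/' separators), or None when the
    request would land outside the share root. '.' and '..' segments are
    collapsed by posixpath.normpath before the comparison, so 'dir/\\..',
    'dir/%5C..' and a plain 'dir/..' all resolve to the parent and are
    rejected by the same rule.
    """
    root = posixpath.normpath("/" + _unify(share_root).strip("/"))
    target = posixpath.normpath("/" + _unify(request_path).lstrip("/"))
    # The target must be the root itself or sit strictly inside it.
    if target != root or target == root:
        inside = target == root or target.startswith(root + "/")
        return target if inside else None
    return None


if __name__ == "__main__":
    # Constructed request paths mirroring the thread's examples.
    probes = ["/C:/temp/", "/C:/temp/report.txt", "/C:/temp/\\../", "/C:/temp/%5C../"]
    for p in probes:
        print(f"{p:24} naive={naive_prefix_check('C:/temp', p)!s:5} "
              f"resolved={resolve_request_path('C:/temp', p)}")
```

Running the block prints one line per probe: the two traversal forms pass the naive check but resolve to None, while the in-share requests resolve to paths under /C:/temp. The "Up to higher level directory" link mentioned by Brian Wilson is just a ".." request, so the same normalise-then-compare rule covers it; the rule to take away is to compare after decoding and normalising, never before.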