Bugtraq mailing list archives
WEBactive HTTP Server 1.0 Directory Traversal
From: slipy () B10Z NET
Date: Fri, 16 Feb 2001 19:20:58 -0000
Introduction: ITAfrica's WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for Windows 95 or Windows NT, specifically designed for the SOHO (Small Office/Home) environment. It will operate on any TCP/IP connection to the Internet, whether via temporary dial- up or permanent leased-line connectivity. The Vendors website is: *unknown* Download Package at: ftp://ftp.euro.net/d3/Windows/winsock- l/Windows95/Daemons/HTTPD/activ100.zip Problem: Simple Directory Traversal Adding the string "/../" to an URL allows an attacker to view any file on the server provided you know where the file is at in the first place. Only Win9x & NT are affected. Examples: http://www.VULNERABLE.com/../../../scandisk.log ^^ = Will obviously open the scandisk.log file. Note: The ../'s depend on where the httpd is installed and what file you are attempting to view. I was debating to publish this hole or not because it apears the company is no longer in service and wasn't a very popular httpd in the first place but, c0n@efnet talked me into it despite my objection. Solution: Vendor would have been contacted if I could have found their email. In the mean time switch to a different httpd program to host your home page off of your Microsoft (c) operating system. (or switch to a better os!) -------------------- b10z cgi advisory. slipy () b10z net February 16th, 2001.
Current thread:
- WEBactive HTTP Server 1.0 Directory Traversal slipy (Feb 16)