Vulnerability Development mailing list archives
Re: Severe Vuln. in "secure" webserver.
From: Renaud Deraison <deraison () cvs nessus org>
Date: Tue, 27 Nov 2001 18:16:03 +0100
On Tue, Nov 27, 2001 at 06:18:56AM +0000, vuln-dev wrote:
GOBBLES@localhost:/tmp/awhttpd$ lynx -dump localhost:8000/../ >GOBBLES Current directory is /tmp/awhttpd/ -rw------- 1 GOBBLES hackers 1786 Jul 21 14:34 [1]CHANGES -rw------- 1 GOBBLES hackers 0 Nov 26 09:10 [2]GOBBLES
By golly! The whole planet is vulnerable to this flaw ! And all the servers (even non-existing ones) display the content of *my* disk ! [renaud@bender renaud]$ lynx -dump www.nessus.org/../ Current directory is /home/renaud/ drwxrwxr-x 19 renaud renaud 4096 Nov 27 15:38 [1]Devel/ [renaud@bender renaud]$ lynx -dump foobarily/../ Current directory is /home/renaud/ drwxrwxr-x 19 renaud renaud 4096 Nov 27 15:38 [1]Devel/ Oh, wait... :) -- Renaud -- Renaud Deraison The Nessus Project http://www.nessus.org
Current thread:
- Severe Vuln. in "secure" webserver. vuln-dev (Nov 27)
- Re: Severe Vuln. in "secure" webserver. Renaud Deraison (Nov 27)
- Re: Severe Vuln. in "secure" webserver. Larry W. Cashdollar (Nov 27)