OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: SNS Research (vuln-devGREYHACK.COM)
Date: Fri Jan 19 2001 - 14:41:52 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Strumpf Noir Society Advisories
    ! Public release !
    <--#

    -= LocalWEB2000 Directory Traversal Vulnerability =-

    Release date: Friday, January 19, 2001

    Introduction:

    LocalWEB2000 is a HTTP server for the MS Windows suite of operating
    systems. It's intended for use as an intranet server by small to
    medium size companies.

    LocalWEB2000 is availble from http://www.intranet-server.co.uk

    Problem:

    Adding the string "../" to an URL allows an attacker access to files
    outside of the webserver's publishing directory. This allows read
    access to any file on the server.

    Example:

    http://localhost:80/../../../autoexec.bat reads the file
    "autoexec.bat" from the partition's root dir (using default install).

    (..)

    Solution:

    Vendor has been notified, the problem will be fixed in a future
    release. This was tested against LocalWEB2000 v1.1.0.

    yadayadayada

    SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
    compliant, all information is provided on AS IS basis.

    EOF, but Strumpf Noir Society will return!