From: UkR-XblP™ (cuctemaOK.RU)
Date: Mon Feb 12 2001 - 08:18:48 CST

    -=-=-=-=-=[ UkR security team - advisory n0. 7 ]=-=-=-=-=-
    tdhttp traversal bug
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Date: 07.02.2001

    Problem: possibility of arbitrary file retrieval
    and directory listing on remote host, running
    tdhttp (http.c, probably all its versions).

    Workaround: try another http daemon (Apache, for ex.) and
    disable http service 'till that time.

    Comment: duh. I wonder if I can see /etc/passwd right in my IE
    window. No matter it's only beta version, I mean http.c.
    After all, this bug is well-known.

    Authors: XblP, S1LENCE

    Example:
    http://www.timduff.com/../../../../../../../../../../etc/passwd
    http://www.timduff.com/../../../../../../../../../../root/
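
The kind of check that refuses the two requests in the advisory's Example section, as an added example (not tdhttp's code and not from the advisory's authors): a lexical normalizer that resolves `.` and `..` segments and rejects any request that would climb above the document root. The name `resolve_request`, the `/srv/www` docroot and the third request are assumptions, and the path is assumed to have been percent-decoded exactly once before the call.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not tdhttp code; resolve_request and /srv/www are hypothetical.
 * Writes docroot + normalized req into out. Returns 0 on success, -1 if the
 * request climbs above docroot, is not absolute, has a backslash, or won't fit. */
int resolve_request(const char *docroot, const char *req, char *out, size_t outlen)
{
    size_t base = strlen(docroot), len = base, n;

    if (base + 1 > outlen || req[0] != '/' || strchr(req, '\\'))
        return -1;
    memcpy(out, docroot, base + 1);

    while (*req) {
        while (*req == '/') req++;               /* collapse "//" */
        n = strcspn(req, "/");                   /* length of next segment */
        if (n == 0) break;
        if (n == 1 && req[0] == '.') {
            /* "." keeps the current directory */
        } else if (n == 2 && req[0] == '.' && req[1] == '.') {
            if (len == base) return -1;          /* ".." at docroot: traversal */
            while (out[len - 1] != '/') len--;   /* drop the last segment */
            out[--len] = '\0';                   /* and its leading slash */
        } else {
            if (len + n + 2 > outlen) return -1; /* '/' + segment + NUL */
            out[len++] = '/';
            memcpy(out + len, req, n);
            len += n;
            out[len] = '\0';
        }
        req += n;
    }
    return 0;
}

int main(void)
{
    /* First two paths are the advisory's examples; the third is constructed. */
    const char *reqs[] = { "/../../../../../../../../../../etc/passwd",
                           "/../../../../../../../../../../root/",
                           "/docs/../index.html" };
    char path[256];
    size_t i;
    for (i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        if (resolve_request("/srv/www", reqs[i], path, sizeof path) == 0)
            printf("200 %s\n", path);
        else
            printf("403 %s\n", reqs[i]);
    return 0;
}
```

A lexical check does not follow symlinks; a server that permits symlinks inside the docroot also needs to compare the `realpath()` result against the docroot prefix before opening the file.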