From: slipyB10Z.NET
Date: Fri Feb 16 2001 - 13:20:58 CST


    Introduction:

    ITAfrica's WEBactive HTTP Server 1.00 is an
    HTTP/1.00-compliant World Wide Web server
    daemon for Windows 95 or Windows NT, specifically
    designed for the SOHO (Small Office/Home)
    environment. It will operate on any TCP/IP
    connection to the Internet, whether via temporary dial-
    up or permanent leased-line connectivity.

    The vendor's website is:
    *unknown*

    Download Package at:
    ftp://ftp.euro.net/d3/Windows/winsock-l/Windows95/Daemons/HTTPD/activ100.zip

    Problem: Simple Directory Traversal

    Adding the string "/../" to a URL allows an attacker to
    view any file on the server provided you know where
    the file is at in the first place. Only Win9x & NT are
    affected.

    Examples:

    http://www.VULNERABLE.com/../../../scandisk.log
    ^^ = Will obviously open the scandisk.log file.

    Note: The ../'s depend on where the httpd is installed
    and what file you are attempting to view. I was
    debating to publish this hole or not because it appears
    the company is no longer in service and wasn't a very
    popular httpd in the first place, but c0nefnet talked
    me into it despite my objection.

    Solution:

    Vendor would have been contacted if I could have
    found their email. In the meantime, switch to a
    different httpd program to host your home page off of
    your Microsoft (c) operating system. (or switch to a
    better OS!)

    --------------------
    b10z cgi advisory.
    slipyb10z.net

    February 16th, 2001.
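
Added example, not part of the original advisory or of WEBactive's code: the check a Windows web server needs before opening a requested file, which is to decode the request path once, normalize it with Windows path rules, and refuse anything that lands outside the document root. The document root C:\webactive\htdocs and the function name resolve are assumptions made for illustration; the example also covers percent-encoded and backslash forms, which goes beyond the literal "/../" case reported above.

```python
import ntpath  # Windows path rules, usable on any platform
from urllib.parse import unquote, urlsplit

# Assumed install location (hypothetical, not taken from the advisory).
DOCROOT = r"C:\webactive\htdocs"


def resolve(target, docroot=DOCROOT):
    """Map a request target to a file path under docroot.

    Returns the normalized absolute path, or None when the request
    would escape the document root.
    """
    # Decode percent-escapes exactly once; decoding twice would turn a
    # literal "%252e" into "." and reopen the hole.
    path = unquote(urlsplit(target).path)

    # NUL bytes truncate paths in C APIs; ":" introduces drive letters
    # and NTFS alternate data streams. Neither belongs in a web path.
    if "\x00" in path or ":" in path:
        return None

    # Windows accepts "/" and "\" as separators, so treat them alike,
    # and drop leading separators so join() cannot be reset to a root.
    rel = path.replace("/", "\\").lstrip("\\")

    root = ntpath.normpath(docroot)
    candidate = ntpath.normpath(ntpath.join(root, rel))

    # Compare case-insensitively, and require a separator after the root
    # so that C:\webactive\htdocs-old does not pass as a child of it.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c == r or c.startswith(r + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed sample requests, including the one from the advisory.
    for t in ["/index.html",
              "/docs/../index.html",
              "http://www.VULNERABLE.com/../../../scandisk.log",
              "/%2e%2e/%2e%2e/scandisk.log",
              "/..\\..\\scandisk.log"]:
        print(f"{t!r:55} -> {resolve(t)}")
```

The containment test is done on the normalized result rather than by searching the raw URL for "..", so a request such as /docs/../index.html that stays inside the root is still served.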