Introduction:

ITAfrica's WEBactive HTTP Server 1.00 is an
HTTP/1.00-compliant World Wide Web server
daemon for Windows 95 or Windows NT, specifically
designed for the SOHO (Small Office/Home)
environment. It will operate on any TCP/IP
connection to the Internet, whether via temporary dial-
up or permanent leased-line connectivity.

The Vendors website is:
*unknown*

Download Package at:
ftp://ftp.euro.net/d3/Windows/winsock-
l/Windows95/Daemons/HTTPD/activ100.zip

Problem: Simple Directory Traversal

Adding the string "/../" to an URL allows an attacker to
view any file on the server provided you know where
the file is at in the first place. Only Win9x & NT are
affected.

Examples:

http://www.VULNERABLE.com/../../../scandisk.log
^^ = Will obviously open the scandisk.log file.

Note: The ../'s depend on where the httpd is installed
and what file you are attempting to view. I was
debating to publish this hole or not because it apears
the company is no longer in service and wasn't a very
popular httpd in the first place but, c0nefnet talked
me into it despite my objection.

Solution:

Vendor would have been contacted if I could have
found their email. In the mean time switch to a
different httpd program to host your home page off of
your Microsoft (c) operating system. (or switch to a
better os!)

--------------------
b10z cgi advisory.
slipyb10z.net

February 16th, 2001.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]