From: Beck Mr.R (bug_hunthotmail.com)
Date: Thu Nov 22 2001 - 05:09:14 CST


    Mailer: SecurityFocus

    I found a doubledot vulnerability on a site running
    Informix database. I can read any file on the
    system by putting /../ into the url. But so far I have
    only found two sites with this problem.
    The site is running Netscape-Enterprise/4.0 on
    Solaris according to Netcraft.com

    On the site, all image files are linked like this:
    http://site.com/ifx/?LO=00000001a6b7c8d900000003000000030004334d38e02543000000000001eb8000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    This is a part of fetching an image from the
    wbBinaries system table. The Web DataBlade
    Module provides wbBinaries for storing large binary
    resources such as images, sounds, and videos.

    But if I want to get the content of etc directory:
    http://site.com/ifx/?LO=../../../etc/

    or even:
    http://site.com/ifx/?LO=../../../etc/passwd


    So, is this a widespread bug?
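
A defender-side check for the pattern described in this message, added here as an example and not part of the original post: it scans web access logs for requests whose `LO` parameter is not a hex handle. The log format, the sample lines, the 16-character minimum and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate LO value is a long hex handle, as in the post's image link.
HEX_HANDLE = re.compile(r"[0-9a-fA-F]{16,}")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (Common Log Format), not taken from any real site.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Nov/2001:05:01:00 -0600] "GET /ifx/?LO=00000001a6b7c8d900000003000000030004334d HTTP/1.0" 200 5120',
    '192.0.2.77 - - [22/Nov/2001:05:02:10 -0600] "GET /ifx/?LO=../../../etc/passwd HTTP/1.0" 200 812',
    '192.0.2.77 - - [22/Nov/2001:05:02:15 -0600] "GET /ifx/?LO=%2e%2e%2f%2e%2e%2fetc%2f HTTP/1.0" 200 2048',
    '192.0.2.77 - - [22/Nov/2001:05:02:20 -0600] "GET /ifx/?LO=logo.gif HTTP/1.0" 404 0',
    '192.0.2.10 - - [22/Nov/2001:05:03:00 -0600] "GET /index.html HTTP/1.0" 200 100',
]

def classify_lo(value):
    """Return 'handle', 'traversal' or 'unexpected' for one LO parameter value."""
    decoded = value
    for _ in range(3):  # normalise repeated percent-encoding before matching
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if HEX_HANDLE.fullmatch(decoded):
        return "handle"
    segments = re.split(r"[\\/]", decoded)
    if ".." in segments or decoded.startswith(("/", "\\")):
        return "traversal"
    return "unexpected"

def scan(log_lines, param="LO"):
    """Return (line_number, verdict, value) for every LO value that is not a hex handle."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            verdict = classify_lo(value)
            if verdict != "handle":
                findings.append((n, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list test (accept only a hex handle, reject everything else) is the form of input validation that would stop the request at the application, rather than trying to strip `../` sequences.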