OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Marc Ruef (marc.ruef_at_computec.ch)
Date: Sun Oct 13 2002 - 03:29:53 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi!

    There is a directory traversal flaw in Daniel Arenz' Mini Server 2.1.6
    (tested on Windows XP Professional). It could be that prior versions are
    also affected.

    It's possible to show every by the web server readable file on the
    target system by using one of the following URLs:

    http://192.168.0.2/../../windows\win.ini
    http://192.168.0.2/..\..\windows\win.ini
    http://192.168.0.2/AAA[...]AAA..\..\..\..\windows\win.ini

    It should not be possible to hop through the file system by using some
    metacharacters (e.g. "..").

    Another problem is, that the log window has an upper limit for entries.
    If the window is full, there could no more entries be added.

    It would make sense to overwrite the first records or clear the whole
    window after the overflow.

    My email to Daniel was sent on 02/10/12. He acknowledged a day later the
    vulnerability and wrote, that he'll fix the bug(s) in the upcoming
    version 3.0.

    Bye, Marc

    -- 
    Computer, Technik und Security
    http://www.computec.ch