|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Busy box httpd file traversal vulenrability
bug-finder
hotmail.com
Date: Sat Sep 16 2006 - 11:07:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
a file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have tested with busy box 1.01 and I dont know if other versions are vulenrable
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]