pWins Perl Web Server Directory Transversal Vulnerability
From: Matthew Wagenknecht (mattwagenknecht@hotmail.com)
Date: 11/28/02
- Previous message: Aaron C. Newman (Application Security, Inc.): "ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Matthew Wagenknecht" <mattwagenknecht@hotmail.com> To: news@securiteam.com, vulnwatch@vulnwatch.org, bugtraq@securityfocus.com Date: Wed, 27 Nov 2002 16:49:19 -0700
From www.sourceforge.net/projects/pwins: "pWins is a webserver-software
based on perl and ruby (not yet) code. My aim is to make it fast, small and
secure, supporting cgi (perl, ruby) and php scripts. It's easy to install
and configurate!"
versions: 0.2.5 and earlier, tested on Windows only..
description:
pWins allows directory transversal via unicode characters (%255, you know,
nimda stuff).. If it's installed on the c drive, you can get to any file
(ahem.. sam._) easily.. for example,
http://SomeWebServer/../../windows/repair/sam._
no exploit provided because too trivial..
fix:
author has posted a patch in the Bugs section on sourceforge.net, but I've
found that it breaks script processing because he forgot to escape the
special characters (%)in his regular expressions.. line 247 of cgipl.pm (i
think) search for url_check
or wait for version 0.2.8 due to be out soon..
Matt Wagenknecht
Security Administrator
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
- Next message: Paul Szabo: "Re: d_path() truncating excessive long path name vulnerability"
- Previous message: Aaron C. Newman (Application Security, Inc.): "ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
