Viewing arbitrary file from the file system using Eshare Expressions 4 server

From: Alex Forkosh (aforkosh@techie.com)
Date: 02/05/02


From: "Alex Forkosh" <aforkosh@techie.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 5 Feb 2002 00:18:42 -0600

There is a bug in Expressions server where you can view any file on the
drive that the server is installed on by using a simple ../../

Example:
If the eShare server is installed at:
C:\eshare\expressions
and let's say this is an NT 4.0 machine with the OS installed in c:\winnt,
it is possible to pull the win.ini file from the winnt directory using

Proto://domainname.com/../../../../../winnt/win.ini

Any file can be viewed in this manner.
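As an added illustration that is not part of the advisory and not eShare code, the kind of path-containment check a file-serving component should apply before opening anything: the request is percent-decoded, slashes are unified, the path is normalised against the document root, and anything that resolves outside the root is refused. The document root C:\eshare\expressions is taken from the advisory's example; the request paths are constructed.

```python
import ntpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for this illustration; the advisory only says the
# server is installed at C:\eshare\expressions.
DOC_ROOT = r"C:\eshare\expressions"


def resolve_within_root(root: str, request_path: str) -> Optional[str]:
    """Map a URL path onto a file under root, or return None if it escapes.

    Percent-encoding is decoded first (so %2e%2e is seen as ..), '/' and
    '\\' are treated alike, and the normalised candidate is compared with
    the normalised root, case-insensitively as on Windows.
    """
    decoded = unquote(request_path)
    # A leading separator would make ntpath.join discard the root entirely.
    relative = decoded.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normpath(ntpath.join(root, relative))
    root_norm = ntpath.normpath(root)

    cand_cmp = ntpath.normcase(candidate)
    root_cmp = ntpath.normcase(root_norm)
    # Compare against root plus a separator so that a sibling directory such
    # as C:\eshare\expressions2 is not mistaken for a path inside the root.
    if cand_cmp == root_cmp or cand_cmp.startswith(root_cmp + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    for req in ("/index.html", "/../../../../../winnt/win.ini"):
        print(req, "->", resolve_within_root(DOC_ROOT, req))
```

The check handles plain, mixed-separator and percent-encoded traversal, but not symbolic links, junctions or NTFS alternate data streams; for those the server must also inspect the opened handle rather than trust the string alone.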
