Busy box httpd file traversal vulenrability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Busy box httpd file traversal vulenrability
From: bug-finder@xxxxxxxxxxx
Date: 16 Sep 2006 16:07:27 -0000

a file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have tested with busy box 1.01 and I dont know if other versions are vulenrable

Prev by Date: [USN-348-1] GnuTLS vulnerability
Next by Date: EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability
Previous by thread: [USN-348-1] GnuTLS vulnerability
Next by thread: EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux