exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

bearshare.4.0.6.txt

bearshare.4.0.6.txt
Posted Oct 4, 2002
Authored by Aviram Jenik, Gluck, Mario Solares | Site BeyondSecurity.com

Bearshare v4.0.6 and below is contains a directory traversal bug which allows remote attackers to view any file on the system by sending a specially crafted HTTP request. Exploit URL's included.

tags | exploit, remote, web
SHA-256 | cad3d0362461a14c8ccbd95f6f1f600ac94604d550985ae00256a9005707e65c

bearshare.4.0.6.txt

Change Mirror Download
  BearShare Directory Traversal Issue Resurfaces
------------------------------------------------------------------------

Article reference:
http://www.securiteam.com/windowsntfocus/6D0010A5PU.html


SUMMARY

A while back BearShare 2.2.2 was
<http://www.securiteam.com/windowsntfocus/5SP0P2K40U.html> reported to
have a directory traversal vulnerability in it. This issue was fixed by
the company, now a different variant of the same issue seems to have
resurfaced, allowing a remote attacker to view any file he desires by
issuing a specially crafted HTTP request.

Despite a correction attempt in part of the vendor, the updated version
is still vulnerable.

DETAILS

Vulnerable systems:
* BearShare version 4.0.5
* BearShare version 4.0.6 (second variant)


Vendor response:
"The fix for the directory traversal issue you reported to us has been
released as part of BearShare 4.0.6. All users will be notified by the
application itself that a new version is available."

Workaround:
Users that do not upgrade are recommend to deactivate the built in
personal web server by choosing Setup->Uploads and un-checking the
"Activate the built in personal web server" check box.

Example (first variant):
Issuing the following request:

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin.ini

Would translate into:
http://127.0.0.1:6346/\..\..\..\windows\win.ini

Returning the win.ini file.

Second variant:
Following the release of BearShare version 4.0.6, Gluck has informed us
that this version is still vulnerable to a simple variant of the attack
which indicates bearshare has not done a good job of fixing the problem.
This time issuing the following request would work:

http://127.0.0.1:6346/%5c..%5c..%5c..%5cwindows%5cwin%2eini



The information has been provided by <mailto:gluck@securedream.net>
Gluck
and <mailto:mario@freepeers.com> Mario Solares.


--
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

Know that you're safe:
http://www.AutomatedScanning.com

Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close