exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

httpfileserver-traverse.txt

httpfileserver-traverse.txt
Posted Dec 8, 2007
Authored by Luigi Auriemma | Site aluigi.org

HTTP File Server versions 2.2a and below and 2.3 beta and below suffer form a directory traversal vulnerability in file uploading.

tags | advisory, web, file inclusion, file upload
SHA-256 | 4b3710f457633595f2cb9577aaa76fb204b3aa442a3917ce56c6b7ba3f6826f2

httpfileserver-traverse.txt

Change Mirror Download

#######################################################################

Luigi Auriemma

Application: HTTP File Server
http://www.rejetto.com/hfs/
Versions: <= 2.2a and <= 2.3 beta (build #146)
Platforms: Windows
Bug: limited directory traversal in files uploading
Exploitation: remote
Date: 05 Dec 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


HFS is a very nice and small file server for Windows easy to use and
with many interesting features.


#######################################################################

======
2) Bug
======


HFS allows the uploading of files to the real folders added to the
Virtual File System.
The problem is that an attacker can upload files outside the
destination folder reaching the root or any other directory on the disk
in which is located the upload folder using the ../ pattern.

Note that uploading must be enabled on the target folder, that the
attacker must have access to it (is possible to restrict the access to
that folder to a specific account) and that is not possible to
overwrite existing files because the server avoids it (for example if a
file called file.txt already exists the new one will be called
file(1).txt).


#######################################################################

===========
3) The Code
===========


http://aluigi.org/testz/myhttpup.zip

myhttpup http://SERVER/folder file.txt ../../../file.txt


#######################################################################

======
4) Fix
======


2.2b #150 and 2.3 beta #160


#######################################################################


---
Luigi Auriemma
http://aluigi.org
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close