Jump to content
zbeng

directory traversal bug

Recommended Posts

Posted

1. Description:

----------------

Vendor's Description:

"A simple Java multi-threaded Web Server that supports HTTP/1.0

protocol."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------

2. The bug:

------------

The program doesn't check for malicious patterns like "/../", so an

attacker is able to see and download all the files on the remote

system simply using a browser.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------

3. The code:

-------------

To test the vulnerability:

http://[host]:6789/../someFile

or:

http://[host]:6789/../../../../etc/passwd

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------

4. The fix:

------------

Bug fixed in the version 0.3.4.

If you want, you can use my following little patch, that should fix

the bug for this version of PWebServer:

..

.

.

( line: 99 )

fileName = tokenizedLine.nextToken(); // get the relative file name

/* start of patch */

boolean check = false;

for(int t = 0; t < fileName.length()-1 && check == false; t++){

if(fileName.charAt(t) == '.' && fileName.charAt(t+1) == '.')

check = true;

}

if(check == true)

fileName = "";

/* end of patch */

/* empty filename */

if(fileName.equals("") | fileName.equals("/"))

{

.

.

..

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...