Hi,

The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on port 4080 by default. From what I've noticed, it just uses HTTP, and has a bug which lets the following /../../../ be run on the URL using any web browser. For example, something like:

http://chat.server.com:4080/../../../etc/passwd

will display the passwd file. With this you can view any file on the system that 'nobody' has access to.

I was only able to test this on version 3.0 of the software, running on Solaris. I contacted the company about this; all they said was that if you're using 3.0, you should upgrade to 3.03 as soon as possible. I don't even know if this particular bug is fixed in that version. If you can try this on other versions and OSes, I'd like to hear about the results.

Thanks,
Jon Beaton
jonat_private
jbx @ Undernet
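The report above describes a classic path-traversal bug: the server maps the request path straight onto the filesystem, so `..` segments climb out of the document root and anything readable by `nobody` can be fetched. The following is an added example (written for this archive, not code from iChat or from the original poster) showing what a defender needs on both sides of the problem: a resolver that refuses to serve a path once it would leave the document root, and a small scanner that flags traversal attempts in web-server access logs, including percent-encoded forms (`%2e%2e`, and the doubly-encoded `%252e%252e`) that a naive string match for `../` would miss. The document root `/srv/ichat/htdocs`, the IP addresses and the log lines are all constructed for the example.

```python
"""Added example: reject and detect '/../' path traversal in an HTTP file server.

Not iChat's code; doc_root, IPs and log lines below are constructed placeholders.
"""
import os
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote


def decode_request_path(raw: str) -> str:
    """Strip query string and fragment, then undo percent-encoding.

    Decoding twice catches doubly-encoded dots (%252e -> %2e -> .), a common
    way of sneaking '..' past a filter that decodes only once.
    """
    path = raw.split('?', 1)[0].split('#', 1)[0]
    for _ in range(2):
        path = unquote(path)
    # Treat backslashes as separators too, in case the server runs on Windows.
    return path.replace('\\', '/')


def is_traversal_attempt(raw: str) -> bool:
    """True if any path segment is exactly '..' after decoding.

    A '..' *inside* a name (e.g. '..notes.html') is a legitimate filename and
    is deliberately not flagged; only a whole '..' segment can climb a directory.
    """
    return any(seg == '..' for seg in decode_request_path(raw).split('/'))


def resolve_under_root(doc_root: str, raw: str) -> Optional[str]:
    """Map a request path onto a file under doc_root, or return None.

    Refuses outright on a '..' segment, then normalises and re-checks that the
    final (symlink-resolved) path still lies beneath the root. The second check
    is what the vulnerable server lacked: it concatenated root + path and
    trusted the result.
    """
    if is_traversal_attempt(raw):
        return None
    root = os.path.realpath(doc_root)
    rel = posixpath.normpath('/' + decode_request_path(raw).lstrip('/')).lstrip('/')
    candidate = os.path.realpath(os.path.join(root, rel))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def find_traversal_attempts(log_text: str) -> List[Tuple[str, str, int]]:
    """Return (client_ip, raw_path, status) for every request that tried to traverse.

    The status code tells the analyst whether the attempt *worked*: a 200 on a
    traversal path means the server served the file, as in the report above.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and is_traversal_attempt(m.group('path')):
            hits.append((m.group('ip'), m.group('path'), int(m.group('status'))))
    return hits


# Constructed sample access log (not real traffic): two normal requests, one
# plain traversal that succeeded, one percent-encoded traversal that was refused.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2001:11:02:17 -0700] "GET /rooms/lobby.html HTTP/1.0" 200 1532
192.0.2.77 - - [10/Apr/2001:11:03:40 -0700] "GET /../../../etc/passwd HTTP/1.0" 200 1110
192.0.2.77 - - [10/Apr/2001:11:03:58 -0700] "GET /rooms/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 403 0
192.0.2.23 - - [10/Apr/2001:11:05:01 -0700] "GET /images/logo.gif HTTP/1.0" 200 8421
"""


if __name__ == "__main__":
    for ip, path, status in find_traversal_attempts(SAMPLE_LOG):
        verdict = "SERVED" if status == 200 else "blocked"
        print(f"{ip} requested {path!r}: {verdict} ({status})")
    print(resolve_under_root("/srv/ichat/htdocs", "/rooms/lobby.html"))
    print(resolve_under_root("/srv/ichat/htdocs", "/../../../etc/passwd"))
```

The resolver does two things in order: it rejects any request containing a `..` segment up front (so the attempt is visible and can be logged, rather than silently clamped to the root), and it still verifies the fully resolved path against the root afterwards, which also catches escapes via symlinks inside the document tree. The log scanner reuses the same decoding, so a request that the resolver would refuse is the same request the scanner flags.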
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:42 PDT