the host:4080/../../../etc/passwd bug has been fixed in 3.03 (checked for the solaris 2.5 version) Cheers, -Renzo [original post below] > The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on > port 4080 as default. From what I've noticed, it just uses http, and has > a bug which lets following /../../../ be ran on the URL using any web > browser. For example, something like: > > http://chat.server.com:4080/../../../etc/passwd > > will display the passwd file. With this you can view any file on the > system that 'nobody' has access to. I was only able to test this on > version 3.0 of the software, and running on Solaris. I contacted the > company about this, all they said was that if you're using 3.0, you > should upgrade to 3.03 as soon as possible. I don't even know if this > particular bug is fixed in that version. If you can try this on other > versions and OS's, I'd like to hear about the results.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:43 PDT