Re: Severe Vuln. in "secure" webserver.

From: Renaud Deraison (deraisonat_private)
Date: Tue Nov 27 2001 - 09:16:03 PST

    On Tue, Nov 27, 2001 at 06:18:56AM +0000, vuln-dev wrote:
    > GOBBLES@localhost:/tmp/awhttpd$ lynx -dump localhost:8000/../ >GOBBLES
    > Current directory is /tmp/awhttpd/
    > 
    >     -rw-------    1 GOBBLES  hackers       1786 Jul 21 14:34 [1]CHANGES
    >     -rw-------    1 GOBBLES  hackers          0 Nov 26 09:10 [2]GOBBLES
    
    By golly! The whole planet is vulnerable to this flaw! And all the
    servers (even non-existing ones) display the content of *my* disk!
    
    [renaud@bender renaud]$ lynx -dump www.nessus.org/../
    Current directory is /home/renaud/
        drwxrwxr-x   19 renaud   renaud      4096 Nov 27 15:38 [1]Devel/
    
    [renaud@bender renaud]$ lynx -dump foobarily/../
    Current directory is /home/renaud/
        drwxrwxr-x   19 renaud   renaud      4096 Nov 27 15:38 [1]Devel/
    
    
    Oh, wait...
    
    :)
    				-- Renaud
    
    -- 
    Renaud Deraison
    The Nessus Project
    http://www.nessus.org
    



    This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 09:29:30 PST