[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] IronWall webserver remote file access.
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] IronWall webserver remote file access.
- From: hwclock <hwclock@xxxxxxxxx>
- Date: Wed, 11 Jan 2006 02:56:33 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IronWall webserver 7.41 directory traversal
[-
## Software ##
App: IronWall Webserver
Version: 7.41 estable (others not tested)
Platform: win32
## Background ##
Ironwall webserver is a small web server for win32 systems.
It can be downloaded totally free at softonic/tucows, and their devels seems
to be out of order.
## Vulns ##
1.- If its installed with default options, it shows any file in any drive of
the computer where is installed,
because there is no root path already defined.
Sample:
http://www.server.com/path/to/file.ext
This is not a bug, but it's a big security problem.
2.- When root path is defined, you still have access to full drives. Just
add 3 or more dots (...) as path
in the url. This set the drive where installed as root path, and gives
access to every files.
Sample:
http://www.server.com/...../path/to/file.ext
## Vendor status ##
Vendor was notified on 2005-12-08 without answer.
- -]
note: softonic at 03/09/2005 (19.886 downloads), 2nd pos sorted by
downloads.
* thanks to make-bzimage.net *
* M4ntr4... we known your're reading it!. *
zdump (at) make-bzimage (dot) net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFDxGTcICM1ozzFv7sRAg2UAKCARky1hT/z0hlrOYtI7oHmQGWqyQCfXCSG
oxbVdYiRv1cGSDZieXCwUqg=
=pM7s
-----END PGP SIGNATURE-----
--
hwclock (at) gmail (dot) com
GPG ID: 0x3CC5BFBB
GPG Srv: pgp.rediris.es
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/