lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 17 Mar 2003 15:45:05 +0800
From: "dong-h0un U" <xploit@...kermail.com>
To: bugtraq@...urityfocus.com
Subject: [INetCop Security Advisory #2002-0x82-013] Kebi Academy 2001 Web
    Solution Directory Traversing Vulnerability.




	========================================
	INetCop Security Advisory #2002-0x82-013
	========================================


* Title: Kebi Academy 2001 Web Solution Directory Traversing Vulnerability.


0x01. Description


Kebi Academy 2001 is web solution that is supplied to C Binary CGI in web.
Fatal vulnerability that can read or can write,
and execute uploading malignancy code interior file of system in remote of this web solution exists.

Vulnerability happens because don't filter "../" from homepage file administration contents of web solution.
If exploit of vulnerability succeeds, is possible to be writing with reading file as competence of webserver.
Also, result that attacker can execute shell in remote if upload malignancy code
to directory that cgi or php file can be executed happens.


0x02. Vulnerable Packages


Vendor site: http://solution.nara.co.kr/

Kebi Academy 2001 Solution
+Linux
+Unix

* We already, liaised to vendor.


0x03. Exploit


Can read certain file as following as competence of webserver.


http://target.com/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor


If become so, can get other user's database and so on which can get as competence of web server.
Also, can upload certain file to directory that competence of web server is permited.
In case attacker uploads code that is enemy of evil,
it can enforce very fatal attack.


0x04. Patch


--

It can solve these problems as chroot() function.
Desire to compose safer web solution.

--

P.S: Sorry, for my poor english.


--
By "dong-houn yoU" (Xpl017Elz), in INetCop(c) Security.

MSN & E-mail: szoahc(at)hotmail(dot)com,
              xploit(at)hackermail(dot)com

INetCop Security Home: http://www.inetcop.org (Korean hacking game)
             My World: http://x82.i21c.net & http://x82.inetcop.org

GPG public key: http://x82.inetcop.org/h0me/pr0file/x82.k3y
--


-- 
_______________________________________________
Get your free email from http://www.hackermail.com

Powered by Outblaze

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ